Description
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-0435 Vulnerability (CVE-2006-0435)
WordPress Plugin WP Server Log Viewer Cross-Site Scripting (1.0)
WordPress Plugin Easy Registration Forms Cross-Site Scripting (1.8.3)
OpenSSL Improper Input Validation Vulnerability (CVE-2015-0293)
Oracle Application Server CVE-2007-3854 Vulnerability (CVE-2007-3854)