npm package
flintcms
pkg:npm/flintcms
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-3783 | Cri | 9.8 | < 1.1.10 | 1.1.10 | Aug 17, 2018 | A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. |
- affected < 1.1.10fixed 1.1.10
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.