Reset Password add-on
by Alfresco
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25727 | 0.00 | — | 0.01 | Sep 17, 2020 | The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | |||
| CVE-2020-25728 | 0.00 | — | 0.01 | Sep 17, 2020 | The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. |
- CVE-2020-25727Sep 17, 2020risk 0.00cvss —epss 0.01
The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.
- CVE-2020-25728Sep 17, 2020risk 0.00cvss —epss 0.01
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.