VYPR

Reset Password add-on

by Alfresco

CVEs (2)

  • CVE-2020-25727Sep 17, 2020
    risk 0.00cvss epss 0.01

    The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.

  • CVE-2020-25728Sep 17, 2020
    risk 0.00cvss epss 0.01

    The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.