Description
A privilege escalation vulnerability in flintcms versions <= 1.1.9 allows account takeover through blind MongoDB injection in the password reset flow.
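The class of bug described above arises when a value taken from a JSON request body is placed directly into a MongoDB query filter: if the client sends an operator object rather than a string, the filter no longer tests equality against the secret token. The following is an added example, not code from flintcms or from the HackerOne report, showing the unsafe lookup next to a hardened one. The handler shape, the `resetToken` field name, the hex token format, and the sample users are all assumptions; the in-memory `matches` function is a constructed stand-in for the database call.

```javascript
// Added example, not flintcms code. Assumes a reset handler that looks up a
// user by the token sent in a JSON body; the field name `resetToken`, the
// token format and the sample users below are assumptions.

// Unsafe pattern: whatever JSON value arrives as `token` becomes the query
// value. An object such as { "$gt": "" } turns an equality test into a range
// test that matches any user with a non-empty reset token, so the lookup no
// longer proves knowledge of the token.
function buildResetQueryUnsafe(token) {
  return { resetToken: token };
}

// Hardened pattern: accept only a string of the expected shape before it is
// used as a query value. Non-strings (objects, arrays, numbers) are rejected
// rather than coerced, and the format check restricts the value to the
// character set a generated token can contain (hex, 32-64 chars, assumed).
const TOKEN_RE = /^[0-9a-f]{32,64}$/;

function buildResetQuery(token) {
  if (typeof token !== "string" || !TOKEN_RE.test(token)) {
    throw new TypeError("reset token must be a hex string");
  }
  return { resetToken: token };
}

// Defence in depth: drop any key beginning with "$" or containing "." from a
// parsed JSON body before it reaches query code, so operator objects cannot be
// smuggled through other fields either. Same idea as the express-mongo-sanitize
// middleware, implemented inline here.
function stripOperators(value) {
  if (Array.isArray(value)) return value.map(stripOperators);
  if (value && typeof value === "object") {
    const clean = {};
    for (const [k, v] of Object.entries(value)) {
      if (k.startsWith("$") || k.includes(".")) continue;
      clean[k] = stripOperators(v);
    }
    return clean;
  }
  return value;
}

// Constructed stand-in for the database: evaluates a filter with plain
// equality, plus $gt so the effect of an operator object is visible.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    const actual = doc[field];
    if (cond && typeof cond === "object" && "$gt" in cond) return actual > cond.$gt;
    return actual === cond;
  });
}

// Constructed sample users with hex reset tokens.
const USERS = [
  { email: "alice@example.test", resetToken: "a3f1".repeat(8) },
  { email: "bob@example.test", resetToken: "0c9e".repeat(8) },
];

// Runs a lookup with the given query builder and returns matching emails.
function findByReset(buildQuery, token) {
  const q = buildQuery(token);
  return USERS.filter((u) => matches(u, q)).map((u) => u.email);
}
```

With the unsafe builder, an operator object matches every user, which is the account-takeover condition; with the hardened builder the same input is rejected before any query is built. Applying `stripOperators` to the whole body at middleware level covers fields the handler does not individually validate.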
Remediation
References
https://hackerone.com/reports/386807