← Back to CVE List
CVE-2024-28270
Published:
2024-04-08T19:15Z
Last Modified:
2024-11-21T09:06Z
Source:
MITRE CVE List
License:
MITRE-CVE-TOS
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt