2021-05-17 00:00:00
mitre
PUBLISHED
InvoicePlane 1.5.11 doesnt have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.