2024-04-08 00:00:00
mitre
PUBLISHED
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.