OvalEdge 5.2.8.0 and earlier is affected by an Account...
Critical severity
Unreviewed
Published
Oct 25, 2024
to the GitHub Advisory Database
•
Updated Oct 25, 2024
Description
Published by the National Vulnerability Database
Oct 25, 2024
Published to the GitHub Advisory Database
Oct 25, 2024
Last updated
Oct 25, 2024
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
References