EPSS Percentile: 73.9%
Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset.
flintcms
Update to version 1.1.10 or later.
github.com/advisories/GHSA-jhq3-57xh-6643
hackerone.com/reports/386807
nvd.nist.gov/vuln/detail/CVE-2018-3783
www.npmjs.com/advisories/689