Lucene search
Veracode Vulnerability DatabaseVERACODE:33764HistoryJan 19, 2022 - 9:48 a.m.
Account Takeover
2022-01-1909:48:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
umbracocms
vulnerability
account takeover
software
password reset
url
attacker
EPSS
0.001
Percentile
39.1%
umbracocms is vulnerable to account takeover. The use of ApplicationUrl in ConstructCallbackUrl to build a URL pointing back to the site allows an attacker to poison password reset URLs and perform account take over.
Related
prion
prion
Default credentials
2022-01-18 17:15:00
Design/Logic Flaw
2022-01-18 17:15:00
cve
cve
CVE-2022-22690
2022-01-18 17:15:10
CVE-2022-22691
2022-01-18 17:15:10
nvd
nvd
CVE-2022-22690
2022-01-18 17:15:10
CVE-2022-22691
2022-01-18 17:15:10
github
github
Umbraco ApplicationURL Overwrite
2022-01-21 23:34:24
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
cvelist
cvelist
CVE-2022-22690 Umbraco Remote ApplicationURL Overwrite
2022-01-18 16:52:21
CVE-2022-22691 Umbraco Password Reset URL Poison
2022-01-18 16:52:20
osv
osv
CVE-2022-22691
2022-01-18 17:15:10
Umbraco Persistent Password Reset Poison
2022-01-21 23:34:27
CVE-2022-22690
2022-01-18 17:15:10