EPSS Percentile: 73.9%
flintcms is vulnerable to privilege escalation attacks. The library does not sanitize user input, allowing a malicious user to inject and execute arbitrary MongoDB queries through the password reset page.
github.com/JasonEtco/flintcms/commit/4ae34238ce39fde00dfa15082397541758c07af1
hackerone.com/reports/386807
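
The missing input check described above can be enforced at the request boundary. The following is an added example, not flintcms code and not the fix in the linked commit; the field names `token` and `resetToken` and the filter shape are assumptions made for illustration.

```javascript
// Added example. Field names and filter shape are hypothetical,
// not taken from flintcms.

// Accept only primitive strings, so a parsed JSON body cannot hand the
// database driver an object or array where a plain value is expected.
function requireString(value, name, maxLen = 256) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string`);
  }
  if (value.length === 0 || value.length > maxLen) {
    throw new RangeError(`${name} has an invalid length`);
  }
  return value;
}

// Build the lookup filter for a password reset request from validated
// scalars only. The returned object is what would be passed to findOne().
function buildResetFilter(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be an object');
  }
  const token = requireString(body.token, 'token');
  // $eq pins the comparison to a literal value even if the validation
  // above is loosened later by mistake.
  return { resetToken: { $eq: token } };
}

// Constructed sample request bodies: one well-formed, three malformed.
function demo() {
  const samples = [
    { token: 'a1b2c3' },
    { token: { $ne: null } },
    { token: ['a1b2c3'] },
    {},
  ];
  return samples.map((body) => {
    try {
      return { ok: true, filter: buildResetFilter(body) };
    } catch (err) {
      return { ok: false, error: err.message };
    }
  });
}
```

Only the first sample produces a filter; the other three are rejected before any query object is built.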