CVE-2020-37158Cross-Site Request Forgery in Platform

CWE-352Cross-Site Request ForgeryCWE-640Weak Password Recovery Mechanism for Forgotten Password2 documents2 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 91.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Avideo PlatformWwbn Avideo
Timeline
PublishedFeb 11

Description

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5avideo/avideo_platform8.1
NVDwwbn/avideo8.1

🔴Vulnerability Details

1
GHSA
GHSA-qxf4-rqx4-9mqj: AVideo Platform 82026-02-11