Publish date
03 October 2019
Identifier
CVE-2019-15749
Manufacturer
SITOS
Product
SITOS Six Build v6.2.1
Authors
Dennis Herrmann and Andre Waldhoff
Description
SITOS Six Build v6.2.1 allows a user to change their password and recovery email without confirming the change with their old password. An attacker with access to the victim's account, for example via XSS (see CVE-2019-15750 - Cross-Site-Scripting - Non-Persistent), could therefore change the user's password and recovery email.
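
The missing check, as an added example that is not SITOS code: a credential-change handler that accepts any request made with a valid session, beside one that re-authenticates with the current password first. The `Account` class, the function names and the sample addresses are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt from the standard library; cost parameters are illustrative.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


class Account:
    """Hypothetical account record holding a salted password hash."""

    def __init__(self, password: str, recovery_email: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.recovery_email = recovery_email

    def check_password(self, candidate: str) -> bool:
        # Constant-time comparison of the stored and candidate hashes.
        return hmac.compare_digest(self.pw_hash,
                                   hash_password(candidate, self.salt))


def _apply(account, new_password, new_email):
    if new_password is not None:
        account.salt = os.urandom(16)
        account.pw_hash = hash_password(new_password, account.salt)
    if new_email is not None:
        account.recovery_email = new_email


def change_credentials_unsafe(account, new_password=None, new_email=None):
    """Behaviour the advisory describes: a valid session alone is enough."""
    _apply(account, new_password, new_email)
    return True


def change_credentials(account, current_password,
                       new_password=None, new_email=None):
    """Hardened form: the old password must be confirmed before any change."""
    if not current_password or not account.check_password(current_password):
        return False  # a request riding on a stolen session stops here
    _apply(account, new_password, new_email)
    return True
```

With the hardened handler, script running in the victim's session cannot complete the change without also knowing the current password.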