CVE-2019-15749
MEDIUM
SITOS six v6.2.1 - Weak Password Recovery Mechanism
Title source: llmDescription
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.contextis.com/en/resources/advisories/cve-2019-15749
Scores
CVSS v3
6.5
EPSS
0.0098
EPSS Percentile
57.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-640
Status
published
Products (1)
sitos/sitos_six
6.2.1
Published
Oct 07, 2019
Tracked Since
Feb 18, 2026