CVE-2020-18406

HIGH

cmseasy <7.0.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0007
EPSS Percentile 20.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

cmseasy/cmseasy

Timeline

Published Jun 27, 2023
Tracked Since Feb 18, 2026