Closed SecGus closed 4 years ago
I tried to report it via the support link for bugs on your main page (https://bitbucket.org/navigatecms/navigatecms/issues/new), this seems to be broken, so if you are interested in more details, please reply on here.
Thank you for finding this issue. Do you mind sending all details via email to info@navigatecms.com?
E-mail with details sent. Let me know if anything else is needed.
Fixed by 967da65e40efbdf31973b8f065de9eabebd3accf and other commits
I have discovered multiple vulnerabilities in the application, that can be chained together to achieve a full account takeover.