CVE-2026-28213
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
evershopcommerce
Product
evershop
Discussion (0)
Add Comment
No comments yet. Be the first!