Back to CVE List

CVE-2026-28213

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
evershopcommerce
Product
evershop

External References

Discussion (0)

Add Comment

No comments yet. Be the first!