The password reset form in Weblate prior to 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote malicious users to enumerate user accounts via a series of requests.
Vulnerable Product |
---|
weblate weblate |
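
The response difference described above, next to a uniform-response handler and a regression check that reports which response fields give the account away. This is an added example, not Weblate's code; the handler names, messages, sample account and in-memory mail queue are assumptions made for illustration.

```python
# Added illustration, not Weblate code. All names and messages are hypothetical.
import secrets

ACCOUNTS = {"alice@example.com"}   # constructed sample account store
OUTBOX = []                        # stands in for an out-of-band mail queue

GENERIC = "If that address has an account, a reset link has been sent to it."


def reset_leaky(email):
    """Pattern from the advisory: the message depends on account existence."""
    if email.lower() not in ACCOUNTS:
        return {"status": 200, "body": "No account uses this email address."}
    OUTBOX.append((email.lower(), secrets.token_urlsafe(32)))
    return {"status": 200, "body": "Password reset instructions were sent."}


def reset_uniform(email):
    """Hardened pattern: identical status and body on both branches."""
    if email.lower() in ACCOUNTS:
        # Queue the mail instead of sending inline, so the reply is not
        # slower for registered addresses.
        OUTBOX.append((email.lower(), secrets.token_urlsafe(32)))
    return {"status": 200, "body": GENERIC}


def differing_fields(handler, known, unknown):
    """Regression check: names of response fields that differ between a
    registered and an unregistered address (empty list means no leak)."""
    a, b = handler(known), handler(unknown)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


if __name__ == "__main__":
    for handler in (reset_leaky, reset_uniform):
        leak = differing_fields(handler, "alice@example.com", "nobody@example.com")
        print(handler.__name__, "leaks via", leak or "nothing")
```
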