Dradis Professional Edition prior to 4.3.0 allows malicious users to change an account password via reusing a password reset token.
dradisframework dradis