Vulnerabilities > Ovaledge > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2022-30357 Unspecified vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters.
network
low complexity
ovaledge
8.8
8.8
2024-10-25 CVE-2022-30358 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters.
network
low complexity
ovaledge CWE-863
8.8
8.8