CVE-2017-16756

Name of the Vulnerable Software and Affected Versions: Userscape HelpSpot versions prior to 4.7.2

Description: A cross-site request forgery issue exists, allowing an attacker to change the password of another user's account through POST requests to the "index.php?pg=password.change" endpoint.

Recommendations: For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php?pg=password.change" endpoint until a patch is applied.