Vulnerability Issue

I would agree if you forgot the password but not changing his own password & the link which I have provided shows the high risk…

https://nvd.nist.gov/vuln/detail/CVE-2021-28128