2 matches found
CVE-2021-25994 Userfrosting - Host-Header Injection Leads to Account Takeover
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
CVE-2021-25994
CVE-2021-25994 concerns Userfrosting versions v0.3.1–v4.6.2 vulnerable to Host Header Injection. The underlying issue allows an unauthenticated attacker to abuse the forgot-password flow by injecting host header data to reset a user’s password, enabling account takeover. Connected documents corro...