3 matches found
CVE-2021-30185
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link...
CVE-2021-30185
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link...
CVE-2021-30185
CVE-2021-30185 affects CERN Indico prior to 2.3.4. The vulnerability resides in Indico’s URL generation for password resets, where an attacker-supplied Host header can steer the reset link to an attacker-controlled domain. If a user clicks such a link, the attacker could obtain the password reset...