6 matches found
EUVD-2022-0686
Malicious code in bioql PyPI...
Umbraco Persistent Password Reset Poison
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...
GHSA-R8PR-83CC-CCV7 Umbraco Persistent Password Reset Poison
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...
CVE-2022-22691
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...
CVE-2022-22690
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...
CVE-2022-22690
The CVE describes an Umbraco CMS issue where the configuration element UmbracoApplicationUrl/ApplicationUrl is used to construct URLs (e.g., password reset). For versions