CVE-2023-38877
Economizzer (gugoan) v0.9-beta1 and commit 3730880 are affected by a host header injection vulnerability in the password reset flow. The issue allows an attacker-controlled server to receive password reset tokens, enabling the attacker to reset other users’ passwords. Root cause described across ...