Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/07/09 4:3 p.m.20 views

CVE-2025-53373

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b...

9.3CVSS7AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/07/07 4:15 p.m.20 views

CVE-2025-53373

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b...

9.3CVSS0.00299EPSS
Exploits0References2
OSV
OSV
added 2025/07/07 3:38 p.m.8 views

CVE-2025-53373 Natours has a 1 Click Account take over on reset password via Host Header injection

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b...

9.3CVSS6.8AI score0.00299EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/07 3:38 p.m.26 views

CVE-2025-53373 Natours has a 1 Click Account take over on reset password via Host Header injection

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b...

9.3CVSS0.00299EPSS
Exploits0References2
Rows per page
Query Builder