2 matches found
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...
PT-2025-28174 · Pypi · Flask-Boilerplate
Name of the Vulnerable Software and Affected Versions: flask-boilerplate versions through a170e7c Description: The issue allows account takeover via the password reset feature. This is because the SERVER NAME is not configured, and thus the password reset depends on the Host HTTP header...