4 matches found
EUVD-2023-2852
Malicious code in bioql PyPI...
CVE-2023-49097 ZITADEL vulnerable account takeover via malicious host header injection
ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicio...
CVE-2023-49097 ZITADEL vulnerable account takeover via malicious host header injection
ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicio...
ZITADEL Account Takeover via Malicious Host Header Injection
Impact ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code c...