3 matches found
PT-2026-22209
Name of the Vulnerable Software and Affected Versions EverShop versions prior to 2.1.1 Description EverShop, a TypeScript-first eCommerce platform, has an issue in the "Forgot Password" functionality. When a target email address is provided, the API response includes the password reset token. Thi...
EUVD-2022-3452
Malicious code in bioql PyPI...
CVE-2024-42914
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server a...