12 matches found
EUVD-2022-0565
Malicious code in bioql PyPI...
CVE-2021-25994
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
Injection in UserFrosting
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
GHSA-CV25-3GMG-C6M8 Injection in UserFrosting
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
Userfrosting has an unspecified vulnerability
Userfrosting is a secure, modern PHP user management system. A security vulnerability exists in Userfrosting, which stems from the fact that in Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to a host header injection attack. An attacker could exploit the vulnerability to use the forgot...
Host Header Injection
lavalite/cms is vulnerable to host header injection. The vulnerability exists because of a lack of sanitization in the HTTP header, which allows an attacker to reset the password and take over the user account by using a maliciously crafted password reset link...
CVE-2021-25994
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
CVE-2021-25994
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
Design/Logic Flaw
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
CVE-2021-25994 Userfrosting - Host-Header Injection Leads to Account Takeover
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
CVE-2021-25994
CVE-2021-25994 concerns Userfrosting versions v0.3.1–v4.6.2 vulnerable to Host Header Injection. The underlying issue allows an unauthenticated attacker to abuse the forgot-password flow by injecting host header data to reset a user’s password, enabling account takeover. Connected documents corro...
Userfrosting injection vulnerability
Userfrosting is a secure, modern PHP user management system. A security vulnerability exists in Userfrosting, which stems from the fact that in Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to a host header injection attack. An attacker could exploit the vulnerability to use the forgot...