userfrosting/userfrosting is vulnerable to host header injection. The library does not properly validate the URL used by the ‘forgot password’ function, allowing an attacker to reset the password and take over the user account by using a maliciously crafted password reset link.
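A generic PHP illustration of this flaw class and its fix, added here as an example and not taken from UserFrosting's code: a reset link derived from the request's Host header beside one derived from configuration. `SITE_BASE_URL`, the `/reset-password` path, the function names, the token and the sample request are all hypothetical or constructed.

```php
<?php
declare(strict_types=1);

// Assumption: the canonical origin is set in deployment config, never read from the request.
const SITE_BASE_URL = 'https://app.example.test';

// Vulnerable pattern: the host in the e-mailed link is whatever the client sent.
function buildResetLinkFromHost(array $server, string $token): string
{
    $scheme = (($server['HTTPS'] ?? 'off') !== 'off') ? 'https' : 'http';
    $host = (string) ($server['HTTP_HOST'] ?? '');
    return $scheme . '://' . $host . '/reset-password?token=' . rawurlencode($token);
}

// Hardened pattern: the link is built only from configuration.
function buildResetLinkFromConfig(string $token): string
{
    return rtrim(SITE_BASE_URL, '/') . '/reset-password?token=' . rawurlencode($token);
}

// Defence in depth: accept the request only if its Host equals the configured one.
function hostMatchesConfig(array $server): bool
{
    $parts = parse_url(SITE_BASE_URL);
    $allowed = strtolower($parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : ''));
    return strtolower((string) ($server['HTTP_HOST'] ?? '')) === $allowed;
}

// Constructed sample request: a "forgot password" submission with an unexpected Host header.
$server = ['HTTPS' => 'on', 'HTTP_HOST' => 'unexpected-host.example.test'];
$token = 'constructed-sample-token'; // constructed value, not a real token

echo 'From Host header: ', buildResetLinkFromHost($server, $token), PHP_EOL;
echo 'From config:      ', buildResetLinkFromConfig($token), PHP_EOL;
echo 'Host accepted:    ', hostMatchesConfig($server) ? 'yes' : 'no', PHP_EOL;
```

The same allowlist belongs at the web server or reverse proxy as well, so that a request with an unrecognised Host never reaches the application.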