snipe/snipe-it is vulnerable to host header injection. An attacker can reset the password and take over a user account by luring the victim to an attacker-controlled server via a maliciously crafted password request link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | snipe/snipe-it | le | v5.3.7 |
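
The host header injection described above comes down to where a password reset link gets its hostname. The following is an added example, not Snipe-IT's code: it contrasts a link built from request headers with one built from server-side configuration, plus an allowlist check on the incoming host. `APP_URL`, `RESET_PATH`, the sample headers and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

APP_URL = "https://assets.example.com"  # constructed; base URL from server config
RESET_PATH = "/password/reset/"         # hypothetical route, not taken from Snipe-IT
TRUSTED_HOSTS = {urlsplit(APP_URL).hostname}

# Constructed sample request headers.
LEGIT = {"Host": "assets.example.com"}
SPOOFED = {"Host": "attacker.example"}
SPOOFED_FWD = {"Host": "assets.example.com", "X-Forwarded-Host": "attacker.example"}


def normalize_host(value: str) -> str:
    """Return the bare lower-case hostname (no port, userinfo or trailing dot)."""
    try:
        host = urlsplit("//" + value.strip()).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".")


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the emailed link's host is whatever the client sent."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}{RESET_PATH}{token}"


def reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: request headers never influence the link's host."""
    return f"{APP_URL}{RESET_PATH}{token}"


def host_is_trusted(headers: dict) -> bool:
    """Allowlist check to run before any handler sees the request."""
    values = [headers.get("Host", "")]
    if "X-Forwarded-Host" in headers:
        values.append(headers["X-Forwarded-Host"])
    return all(normalize_host(v) in TRUSTED_HOSTS for v in values)


def link_leaves_site(url: str) -> bool:
    """True when a generated link points at a host outside the allowlist."""
    return normalize_host(urlsplit(url).netloc) not in TRUSTED_HOSTS
```

`link_leaves_site` can also serve as a regression check in a test suite: every link the application emails should return `False` regardless of the headers on the triggering request.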