snipe/snipe-it is vulnerable to host header injection. The Host header in the password reset request is not handled properly, so an attacker can send malicious links that leak the password reset token when clicked, leading to account takeover.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | snipe/snipe-it | le | v5.3.10 |
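The flaw class described above, shown as an added, framework-neutral example (not Snipe-IT's code): a reset link built from the request's Host header beside one built from server-side configuration, plus a Host allowlist check. The base URL, the `/password/reset/` path, the header dictionaries and the token are constructed for illustration.

```python
from urllib.parse import quote, urlsplit

# Assumed deployment setting (constructed value): the one canonical public URL.
CANONICAL_BASE_URL = "https://assets.example.com"
TRUSTED_HOSTS = {urlsplit(CANONICAL_BASE_URL).netloc.lower()}
RESET_PATH = "/password/reset/"  # hypothetical route, for illustration only


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Anti-pattern: the link's origin is whatever the client sent in Host."""
    return f"https://{headers.get('Host', '')}{RESET_PATH}{quote(token, safe='')}"


def reset_link_hardened(token: str) -> str:
    """The origin comes from configuration, never from the request."""
    return f"{CANONICAL_BASE_URL}{RESET_PATH}{quote(token, safe='')}"


def host_is_trusted(headers: dict) -> bool:
    """Defence in depth: Host and X-Forwarded-Host must both be allowlisted."""
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is not None and value.strip().lower() not in TRUSTED_HOSTS:
            return False
    return "Host" in headers


def handle_reset_request(headers: dict, token: str):
    """Return (status, link): 400 for an untrusted Host, else the canonical link."""
    if not host_is_trusted(headers):
        return 400, None
    return 200, reset_link_hardened(token)


# Constructed sample requests: one normal, one carrying a forged Host header.
NORMAL = {"Host": "assets.example.com"}
FORGED = {"Host": "attacker.invalid"}

if __name__ == "__main__":
    token = "constructed-token-123"
    print("vulnerable:", reset_link_vulnerable(FORGED, token))
    print("hardened:  ", handle_reset_request(FORGED, token))
    print("normal:    ", handle_reset_request(NORMAL, token))
```

The same allowlist can also be enforced at the reverse proxy or web server, so requests with an unexpected Host never reach the application.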