Lucene search
Veracode Vulnerability DatabaseVERACODE:4320HistoryMay 30, 2017 - 1:59 a.m.
Phishing Attacks
2017-05-3001:59:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.001
Percentile
43.2%
laravel/framework is vulnerable to phishing attacks. The library uses the host of the incoming request to build the password reset URL. This can allow a malicious user to spoof the host of the password reset URL link, leading to other users accidentally entering their login credentials on a malicious site.
Related
osv
osv
CVE-2017-9303
2017-05-29 22:29:00
Laravel does not properly constrain the host portion of a password-reset URL
2022-05-17 02:42:21
prion
prion
Default credentials
2017-05-29 22:29:00
friendsofphp
friendsofphp
Password reset phishing vulnerability
1970-01-01 00:00:00
Password reset phishing vulnerability
1970-01-01 00:00:00
github
github
Laravel does not properly constrain the host portion of a password-reset URL
2022-05-17 02:42:21
debiancve
debiancve
CVE-2017-9303
2017-05-29 22:29:00
cvelist
cvelist
CVE-2017-9303
2017-05-29 22:00:00
nvd
nvd
CVE-2017-9303
2017-05-29 22:29:00
cve
cve
CVE-2017-9303
2017-05-29 22:29:00