In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mend

Published: 2022-01-03T06:45:10

Updated: 2024-08-03T20:19:19.566Z

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25994

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-03T07:15:07.243

Modified: 2024-11-21T05:55:45.417

Link: CVE-2021-25994

cve-icon Redhat

No data.