In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2022-01-03T06:45:10
Updated: 2024-08-03T20:19:19.566Z
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25994
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-01-03T07:15:07.243
Modified: 2024-11-21T05:55:45.417
Link: CVE-2021-25994
Redhat
No data.