A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Staff Appraisal System
Staff Appraisal System staff Appraisal System |
|
Weaknesses | CWE-640 | |
CPEs | cpe:2.3:a:staff_appraisal_system:staff_appraisal_system:1.0:*:*:*:*:*:*:* | |
Vendors & Products |
Staff Appraisal System
Staff Appraisal System staff Appraisal System |
|
Metrics |
cvssV3_1
|
Fri, 23 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-23T00:00:00
Updated: 2024-08-23T18:07:55.606Z
Reserved: 2024-08-05T00:00:00
Link: CVE-2024-42915
Vulnrichment
Updated: 2024-08-23T18:07:49.449Z
NVD
Status : Awaiting Analysis
Published: 2024-08-23T15:15:16.550
Modified: 2024-08-23T18:35:05.490
Link: CVE-2024-42915
Redhat
No data.