Описание
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
EPSS
Процентиль: 24%
0.00084
Низкий
8 High
CVSS3
Дефекты
CWE-640
Связанные уязвимости
CVSS3: 8
github
больше 1 года назад
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
EPSS
Процентиль: 24%
0.00084
Низкий
8 High
CVSS3
Дефекты
CWE-640