Description

A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.

Remediation

References

CVE-2024-42903

Related Vulnerabilities

WordPress Plugin WP SlackSync Information Disclosure (1.8.5)

WebLogic CVE-2024-21182 Vulnerability (CVE-2024-21182)

WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4)

WordPress Plugin Database Backup for WordPress Cross-Site Scripting (2.3.3)

CakePHP Improper Input Validation Vulnerability (CVE-2010-4335)

Severity

Medium

Classification

CVE-2024-42903 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities