Description
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
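The pattern behind this class of bug, shown next to a hardened form, as an added example that is not LimeSurvey's code: the `/reset` path, the hostnames and the function names are all hypothetical, and the request headers are constructed samples.

```python
import re
from urllib.parse import quote, urlsplit

# Assumptions (constructed for this example): canonical URL and host allowlist
# come from server-side configuration, never from the incoming request.
CANONICAL_BASE_URL = "https://survey.example.org"
ALLOWED_HOSTS = {"survey.example.org"}
_HOST_RE = re.compile(r"([A-Za-z0-9.-]+)(?::\d{1,5})?")  # host with optional port


def reset_link_from_host_header(headers, token):
    """Vulnerable pattern: the link's origin is taken from the Host header."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?token={quote(token, safe='')}"


def reset_link_from_config(token):
    """Hardened pattern: the link's origin comes only from configuration."""
    base = urlsplit(CANONICAL_BASE_URL)
    if base.scheme != "https" or not base.hostname:
        raise ValueError("canonical base URL must be an absolute https URL")
    return f"{base.scheme}://{base.netloc}/reset?token={quote(token, safe='')}"


def host_is_allowed(headers):
    """Defence in depth: refuse requests whose Host is not on the allowlist."""
    match = _HOST_RE.fullmatch(headers.get("Host", "").strip())
    if match is None:
        return False
    return match.group(1).lower().rstrip(".") in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample requests: one normal, one with a spoofed Host header.
    for sample in ({"Host": "survey.example.org"}, {"Host": "attacker.example"}):
        print("Host header:      ", sample["Host"])
        print("  from header:    ", reset_link_from_host_header(sample, "tok123"))
        print("  from config:    ", reset_link_from_config("tok123"))
        print("  request allowed:", host_is_allowed(sample))
```
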
Remediation
References