Description
A Host header injection vulnerability in the password reset function of LimeSurvey v6.6.1+240806 and earlier allows attackers to send users a crafted password reset link that directs victims to a malicious domain.
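The sketch below illustrates this bug class in general terms: a reset link built from the request's Host header, next to a link built from server-side configuration and a Host allow-list check. It is an added example, not LimeSurvey code. The base URL, the `/reset` path, the function names and the sample headers are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed deployment setting: the single public origin of the application.
PUBLIC_BASE_URL = "https://survey.example.org"
ALLOWED_HOSTS = {urlsplit(PUBLIC_BASE_URL).netloc.lower()}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Bug class: the link's host is whatever the client sent as Host."""
    return f"https://{headers.get('Host', '')}/reset?token={token}"


def reset_link_hardened(token: str) -> str:
    """Build the link from configuration only; no request data is used."""
    return f"{PUBLIC_BASE_URL}/reset?token={token}"


def host_is_allowed(headers: dict) -> bool:
    """Defence in depth: refuse requests naming a host that is not ours.

    Header names are assumed to be normalised to this casing already.
    """
    if "Host" not in headers:
        return False
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is not None and value.strip().lower() not in ALLOWED_HOSTS:
            return False
    return True


def handle_reset(headers: dict, token: str):
    """Return (status, link); a request with a foreign host gets no e-mail."""
    if not host_is_allowed(headers):
        return 400, None
    return 200, reset_link_hardened(token)


if __name__ == "__main__":
    # Constructed sample requests.
    legit = {"Host": "survey.example.org"}
    spoofed = {"Host": "attacker.example"}
    print(reset_link_vulnerable(spoofed, "TOKEN"))  # link follows the header
    print(handle_reset(spoofed, "TOKEN"))           # rejected
    print(handle_reset(legit, "TOKEN"))             # link uses configured origin
```

In a real handler the token would come from a CSPRNG such as `secrets.token_urlsafe()`; a fixed string is used here only to keep the output readable.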
Remediation
References
Related Vulnerabilities
GlassFish Improper Authentication Vulnerability (CVE-2017-1000030)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1834)
WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)
WordPress Plugin Feedify-Web Push Notifications Cross-Site Scripting (2.1.8)