Security Advisory

CVE-2024-26470

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-27 00:00:00

Last updated 2024-08-28 15:41:54

Assigner mitre

State PUBLISHED

Description

A host header injection vulnerability in the forgot password function of FullStackHeros WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

← Browse all CVEs View on cve.org ↗