2021-04-07 13:25:41
mitre
PUBLISHED
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.