2024-08-23 00:00:00
mitre
PUBLISHED
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users passwords and compromise their accounts.