Description

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

Remediation

References

CVE-2016-7903

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2020-28037)

WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty Cross-Site Scripting (2.3.2)

WordPress Plugin User Registration, Login & Landing Pages-LeadMagic Cross-Site Scripting (1.2.7)

Jetty Improper Access Control Vulnerability (CVE-2016-4800)

Tornado URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-28370)

Severity

Low

Classification

CVE-2016-7903 CWE-264 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities