First published: Tue Sep 03 2024(Updated: )
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | <=6.6.1\+240806 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.