CVE-2021-30185

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.




twitter facebook youtube