Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
LimeSurvey Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2024-42903 - Vulnerability Database
LimeSurvey

LimeSurvey Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2024-42903

Medium
Reference: CVE-2024-42903
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-42903
Title: LimeSurvey Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.