VYPR

ArrowCMS

by ArrowCMS

CVEs (1)

  • CVE-2024-42914CriAug 23, 2024
    risk 0.59cvss 9.1epss 0.01

    A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an…