Summary:
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Published:
Wednesday, March 25, 2020 - 23:15
cvss:
5.0