Page 6 of 26 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. Laravel 5.4.x anterior a 5.4.22 no restringe adecuadamente la parte del host de una URL de restablecimiento de contraseña, lo que facilitaría a un atacante remoto realizar ataques de phishing especificando un host controlado por dicho atacante. • http://www.securityfocus.com/bid/98776 https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix • CWE-20: Improper Input Validation •