Vulnerabilities for 'Thingsboard'

2020-12-18
 
CVE-2020-27687

CWE-74
 

 
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

 


Copyright 2024, cxsecurity.com

 
