CVE-2024-42915
Published
CVSS v3: 8 (HIGH)
CVSS v2: N/A
Affected: 2 PROJECTS
Description
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
An online portal for colleges where the institute can perform the appraisal and evaluation process.