Description
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
Remediation
References
Related Vulnerabilities
WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Request Forgery (1.3.3)
Moodle Other Vulnerability (CVE-2006-4941)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.21)
WordPress Plugin Google AdSense by BestWebSoft Cross-Site Scripting (1.29)
WordPress Plugin Product Limited Time Availability Date for woocommerce Cross-Site Scripting (1.0.1)