CVE-2024-42915

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt