Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Umbraco Password Reset URL Poison
Vulnerability Description
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
Umbraco 环境问题漏洞
Vulnerability Description
Umbraco是丹麦Umbraco公司的一套C#编写的开源的内容管理系统(CMS)。 Umbraco CMS 存在环境问题漏洞,攻击者能够更改用户在重置密码时收到的 URL,使其指向攻击者服务器,当用户点击此链接时,重置令牌可以被攻击者拦截,从而导致帐户接管。
CVSS Information
N/A
Vulnerability Type
N/A