HIGH🇵🇱 Wersja polska

CVE-2026-43935

CVSS 8.1v3.1pub. 2026-05-26

e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References