CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| FullStackHero.WebAPI.Boilerplate | nuget | >= 1.0.0, <= 1.0.1 | |
The advisory describes host header injection in the forgot-password flow. In ASP.NET Core applications, password reset logic usually lives in an AccountController, and the weakness arises when the reset link is built from the attacker-controlled Host header of the incoming request instead of from a configured public base URL (or a host validated against an allowlist). An attacker who submits a victim's email address together with a forged Host header causes the victim to receive a legitimate-looking reset email whose link points at the attacker's domain; when the victim follows it, the reset token is delivered to the attacker. The exact affected code is not available here, but the pattern fits the CWE-200 classification: untrusted input (the Host header) directly shapes sensitive output (the reset URL), exposing the token to an unauthorized party.
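The following is an added example, not code from FullStackHero.WebAPI.Boilerplate, showing the vulnerable link-building pattern the advisory describes next to a hardened version. `PasswordResetOptions`, its `PublicBaseUrl` property, the method names and the route are assumptions chosen for illustration; only the use of `Request.Host` as the link's authority is the pattern under discussion.

```csharp
// Added example (not the FullStackHero.WebAPI.Boilerplate source): the reset-link
// construction described in the advisory, vulnerable form beside a hardened form.
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Hypothetical options class bound from configuration (e.g. appsettings.json).
// The public origin of the application is decided by the operator, never by the request.
public sealed class PasswordResetOptions
{
    // Example value: "https://app.example.com"
    public string PublicBaseUrl { get; set; } = string.Empty;
}

[ApiController]
[Route("api/account")]
public class AccountController : ControllerBase
{
    private readonly PasswordResetOptions _options;

    public AccountController(IOptions<PasswordResetOptions> options)
    {
        _options = options.Value;
    }

    // VULNERABLE: Request.Host echoes the Host header sent by the client.
    // A forgot-password request carrying "Host: attacker.example" produces a
    // link to the attacker's site, so the victim's click hands over the token.
    // (Request.Scheme is similarly client-influenced when X-Forwarded-Proto is honoured.)
    public string BuildResetLinkVulnerable(string token)
    {
        return $"{Request.Scheme}://{Request.Host}/reset-password?token={Uri.EscapeDataString(token)}";
    }

    // HARDENED: the authority comes from server-side configuration. The request
    // contributes nothing to the link except the token, which is URL-encoded.
    public string BuildResetLinkHardened(string token)
    {
        if (!Uri.TryCreate(_options.PublicBaseUrl, UriKind.Absolute, out var baseUri)
            || baseUri.Scheme != Uri.UriSchemeHttps)
        {
            // Fail closed: do not fall back to Request.Host when configuration is missing.
            throw new InvalidOperationException(
                "PasswordReset:PublicBaseUrl must be an absolute https URL");
        }

        // AbsoluteUri preserves the escaping of the token, unlike Uri.ToString().
        return new Uri(baseUri, "/reset-password?token=" + Uri.EscapeDataString(token)).AbsoluteUri;
    }
}
```

As a second layer independent of how links are built, ASP.NET Core's host filtering middleware (registered by the default host builder and driven by the `AllowedHosts` configuration key) rejects requests whose Host header is not on the list with a 400 before they reach any controller. The project templates ship `"AllowedHosts": "*"`, which disables that check, so set it to the real hostnames in production.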