CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9303

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 5.8

References

http://www.securityfocus.com/bid/98776
https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix
http://www.securityfocus.com/bid/98776
https://laravel-news.com/laravel-5-4-22-is-now-released-and-includes-a-security-fix

Products affected by CVE-2017-9303

Laravel » Laravel » Version: 5.4.0

cpe:2.3:a:laravel:laravel:5.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9303

Products

Pricing

Contact Us