{
  "id": "CVE-2024-42903",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-09-03T18:15:08.663",
  "lastModified": "2024-09-03T19:40:46.783",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/LimeSurvey/LimeSurvey/compare/6.6.0+240729...6.6.1+240806",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/LimeSurvey/LimeSurvey/pull/3920",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42903",
      "source": "cve@mitre.org"
    }
  ]
}