Laravel 5.4.x Password-Reset URL Host Constraint Vulnerability
CVE-2017-9303 · MEDIUM Severity
AV:N/AC:M/Au:N/C:P/I:P/A:N
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.