Host Header Injection on Password-Reset Functionality Causes Unauthorized Redirect to Attacker-Controlled Domain Where Users Could be Tricked into Entering Account Credentials for Account Takeover or PII Leak

Disclosed by
Imshadab18
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

This is how the "Host" header works in general. No vulnerability is present.

Summary by Imshadab18

Disclosing this would show others that I am active.
