CVE-2021-30185

CVE-2021-30185

CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.

Source: CVE-2021-30185