{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T02:09:03.088","vulnerabilities":[{"cve":{"id":"CVE-2024-42914","sourceIdentifier":"cve@mitre.org","published":"2024-08-23T19:15:07.010","lastModified":"2025-04-21T14:40:46.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords."},{"lang":"es","value":"Existe una vulnerabilidad de inyección de encabezado de host en la funcionalidad de contraseña olvidada de ArrowCMS versión 1.0.0. Al enviar un encabezado de host especialmente manipulado en la solicitud de contraseña olvidada, es posible enviar enlaces de restablecimiento de contraseña a los usuarios que, una vez que se hace clic, conducen a un servidor controlado por el atacante y, por lo tanto, filtran el token de restablecimiento de contraseña. Esto puede permitir que un atacante restablezca las contraseñas de otros usuarios."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arrowjs:arrowcms:1.0.0:*:*:*:*:node.js:*:*","matchCriteriaId":"22863EC0-AC16-413E-BD61-952012CAA8B3"}]}]}],"references":[{"url":"https://github.com/soursec/CVEs/tree/main/CVE-2024-42914","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/trquoccuong/ArrowCMS/","source":"cve@mitre.org","tags":["Product"]}]}}]}