CVE-2016-10073

Name of the Vulnerable Software and Affected Versions Vanilla Forums versions prior to 2.3.1

Description The issue allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header. This can be demonstrated by a password reset request.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until the update is applied.