Drupal insecure default leads to password reset poisoning
Drupal insecure default leads to password reset poisoning
https://www.fortbridge.co.uk/research/drupal-insecure-default-leads-to-password-reset-poisoning/
https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning
…