Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the em…

Appsmith platform vulnerability allows attackers to manipulate Origin header values to redirect password reset and email verification links to attacker-controlled domains. The server fails to validate the Origin header before using it as the email link baseUrl. This leads to authentication token exposure and potential account takeover attacks. The vulnerability affects versions prior to 1.93 and has been patched in version 1.93. The attack vector exploits the email-based authentication flow by intercepting tokens meant for legitimate users.