Description Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Remediation References CVE-2019-10641 Related Vulnerabilities WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4) WebLogic CVE-2023-21996 Vulnerability (CVE-2023-21996) WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (4.41) MySQL CVE-2015-4772 Vulnerability (CVE-2015-4772) WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.2) Severity Critical Classification CVE-2019-10641 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities