Description

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

Remediation

References

CVE-2017-8385

Related Vulnerabilities

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10934)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887)

MediaWiki Resource Management Errors Vulnerability (CVE-2015-2937)

Joomla Improper Input Validation Vulnerability (CVE-2021-26029)

Severity

Medium

Classification

CVE-2017-8385 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities