Description
Password reset tokens in Magento CE before 1.9.2.2 and Magento EE before 1.14.2.2 are passed via a GET request and are not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.
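The description names two defects: the token travels in the URL (so it can leak through the Referer header) and it stays valid after it has been used. The following is an added, illustrative example of the defensive pattern, not Magento's code: tokens are single-use and expire, only a hash is stored server-side, and the page that receives the token suppresses Referer. The class and function names and the two-hour TTL are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 2 * 60 * 60  # constructed policy value: reset links expire after two hours


class ResetTokenStore:
    """Single-use, expiring password-reset tokens (hypothetical code, not Magento's).

    A token is removed the first time it is redeemed, so a copy that leaked
    through a Referer header is worthless once the legitimate user has used it.
    Only a SHA-256 digest is kept, so a read of the store does not yield usable tokens.
    """

    def __init__(self, now=time.time):
        self._now = now                  # injectable clock, for tests
        self._pending = {}               # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe
        self._pending[self._digest(token)] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return user_id if the token is valid, else None. Always consumes the token."""
        entry = self._pending.pop(self._digest(token), None)  # pop = invalidate on first use
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None                  # expired tokens are dropped, not honoured
        return user_id


def reset_form_headers():
    """Headers for the page that receives the token in its URL: keep it out of Referer
    and out of caches. The password change itself should then be submitted via POST."""
    return {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("customer-42")   # constructed user id
    print("first use :", store.redeem(token))   # customer-42
    print("second use:", store.redeem(token))   # None
```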