CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile: 34.8%
The password reset form is vulnerable to CSRF between the time the reset password link is clicked and the time the user submits a new password.
PR forthcoming
None
github.com/advisories/GHSA-r3c9-9j5q-pwv4
github.com/OpenMage/magento-lts/releases/tag/v19.4.22
github.com/OpenMage/magento-lts/releases/tag/v20.0.19
github.com/OpenMage/magento-lts/security/advisories/GHSA-r3c9-9j5q-pwv4
hackerone.com/reports/1086752
nvd.nist.gov/vuln/detail/CVE-2021-21395
packagist.org/packages/openmage/magento-lts