Steps to Reproduce:
Scenario Victim forgot to logout his/her Email Account on a Cafe/Internet Renting Shops. The Attacker Click the Reset Password link and because that Improper InValidation of Session on Password Reset Links lies in there. Attacker can gain access to Victim's Account.
Let me know if you need more information.