5 matches found
CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...
CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...
CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...
CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...
CVE-2017-18380
CVE-2017-18380 affects edx-platform (pre-2017-08-03). The issue allows an attacker to trigger password-reset emails where the reset link uses an attacker-controlled domain name, enabling potential phishing or credential harvesting vectors. Documented impact: ability to cause user-facing reset mes...