CVE-2017-8385
CVE-2017-8385 affects Craft CMS prior to 2.6.2976. The vulnerability is that the forgot-password email URL can be modified by an attacker, indicating a URL forgery/URL tampering issue within the password-reset flow. The available documented impact is the ability to alter the reset URL, with no ex...