CVE-2022-37783
Craft CMS versions 3.0.0–3.7.32 disclose user password hashes via the CRAFT_CSRF_TOKEN cookie and corresponding HTML field; the hash can be decoded using Yii public functions. Impact is password hash disclosure (confidentiality). No explicit exploit details or fixed versions are provided in the c...