CVE-2017-18380

openedx/edx-platform

on github

Published

July 30, 2019

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

5 MEDIUM

Description

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:edx:edx-platform::::::::	n/a	2017-08-03	*

External Links

NVD - CVE-2017-18380