CVE-2017-18380
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
5 MEDIUM
Description
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:edx:edx-platform:*:*:*:*:*:*:*:* | n/a | 2017-08-03 | * |