Pricing Enterprise

CVE-2017-8385

5.3MEDIUM

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

Published: 5/1/2017Updated: 4/20/2025

View on NVD View on MITRE

Description

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

AI AnalysisPowered by AI

Affected Products

craftcmscraft_cms

References

https://craftcms.com/changelog#2-6-2976
Release NotesVendor Advisory
https://twitter.com/CraftCMS/status/857743080224473088
Third Party Advisory
https://craftcms.com/changelog#2-6-2976
Release NotesVendor Advisory
https://twitter.com/CraftCMS/status/857743080224473088
Third Party Advisory