AI Score
Confidence
High
EPSS
Percentile
39.3%
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
github.com/craftcms/cms
github.com/craftcms/cms/blob/2.6.2976/CHANGELOG.md#security
github.com/craftcms/cms/commit/38c594badc8efc468b6162ec921d645011a50d35
nvd.nist.gov/vuln/detail/CVE-2017-8385
twitter.com/CraftCMS/status/857743080224473088