Description
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Remediation
References