Description Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Remediation References CVE-2019-10641 Related Vulnerabilities Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5335) WordPress Plugin GS Logo Slider-Ticker, Grid, List, Table & Filter Views Unspecified Vulnerability (3.3.8) Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3502) WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Open Redirect (3.8.2.2) WordPress Plugin Helpful Cross-Site Scripting (4.4.58) Severity Critical Classification CVE-2019-10641 CWE-640 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities