Description
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Remediation
References
Related Vulnerabilities
Django Other Vulnerability (CVE-2015-3982)
Drupal Core 8.6.x Cross-Site Scripting (8.6.0 - 8.6.14)
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
WordPress Plugin Newsletters Cross-Site Scripting (4.6.18)
Internet Information Services Other Vulnerability (CVE-1999-0449)