Description
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
Remediation
References
Related Vulnerabilities
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-34305)
WordPress Plugin Yoast SEO Cross-Site Scripting (2.1.1)
WordPress Plugin WP Events Calendar 'event_id' Parameter SQL Injection (6.5.2)
WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)