Description
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.
Remediation
References
Related Vulnerabilities
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13402)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Unspecified Vulnerability (5.3.2)
WordPress Plugin link-list-manager Cross-Site Scripting (1.0)