CVE-2015-2286 in edx-platforminfo

Summary

lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/12/2015

Disclosure

03/19/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
81390	Open edX edx-platform Password Reset footer-edx-new.html information disclosure	200	Not defined	Official fix	CVE-2015-2286

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸