Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-2286

Published: 19/03/2016 Updated: 22/03/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Edx

Vulnerability Summary

lms/templates/footer-edx-new.html in Open edX edx-platform prior to 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote malicious users to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.

Vulnerable Product Search on Vulmon Subscribe to Product

edx open edx

References

CWE-200https://open.edx.org/CVE-2015-2286https://github.com/edx/edx-platform/commit/a1ffcc52594b1e7240501aab0ea145f1da3edb5ahttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook