Medium severity5.3NVD Advisory· Published May 1, 2017· Updated Jun 17, 2026
CVE-2017-8385
CVE-2017-8385
Description
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
craftcms/cmsPackagist | < 2.6.2976 | 2.6.2976 |
Affected products
2Patches
Vulnerability mechanics
References
6- craftcms.com/changelognvdRelease NotesVendor Advisory
- github.com/advisories/GHSA-j27g-r58q-624wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-8385ghsaADVISORY
- twitter.com/CraftCMS/status/857743080224473088nvdThird Party AdvisoryWEB
- github.com/craftcms/cms/blob/2.6.2976/CHANGELOG.mdghsaWEB
- github.com/craftcms/cms/commit/38c594badc8efc468b6162ec921d645011a50d35ghsaWEB
News mentions
0No linked articles in our index yet.