{"id":"CVE-2017-18380","details":"edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.","modified":"2026-04-10T03:59:56.002315Z","published":"2019-07-30T13:15:13.310Z","references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/openedx-announce/QTvijt48bAY"},{"type":"FIX","url":"https://github.com/edx/edx-platform/pull/15773"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/edx/edx-platform","events":[{"introduced":"0"},{"fixed":"78708e41e926d7d3bb18aa6a81edff1c22d609d7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2017-08-03"}]}}],"versions":["release-2016-12-14","release-2016-12-20","release-2017-01-04","release-2017-01-05","release-2017-01-10","release-2017-01-12","release-2017-01-18","release-2017-01-19","release-2017-01-20","release-2017-01-23","release-2017-01-24-11.34","release-2017-01-24-13.56","release-2017-01-24-14.03","release-2017-01-24-14.42","release-2017-01-24-16.28","release-2017-01-24-16.53","release-2017-01-25","release-2017-01-26-11.01","release-2017-01-27-10.25","release-2017-01-30-11.59","release-2017-01-31-10.55","release-2017-02-02-10.47","release-2017-02-03-10.45","release-2017-02-06-10.01","release-2017-02-07-10.46","release-2017-02-08-12.19","release-2017-02-10-11.52","release-2017-02-15-12.20","release-2017-02-15-13.29","release-2017-02-16-10.22","release-2017-02-16-12.24","release-2017-02-24-11.41","release-2017-02-27-10.28","release-2017-02-28-10.53","release-2017-03-02-10.54","release-2017-03-03-10.27","release-2017-03-06-10.08","release-2017-03-08-10.55","release-2017-03-09-14.39","release-2017-03-09-14.55","release-2017-03-09-15.41","release-2017-03-10-10.52","release-2017-03-13-10.55","release-2017-03-16-10.15","release-2017-03-17-10.23","release-2017-03-20-10.15","release-2017-03-24-10.31","release-2017-03-27-11.36","release-2017-03-27-14.50","release-2017-03-28-10.35","release-2017-03-29-10.46","release-2017-03-30-10.19","release-2017-03-31-10.31","release-2017-04-04-16.57","release-2017-04-06-10.13","release-2017-04-07-10.37","release-2017-04-11-09.47","release-2017-04-12-10.02","release-2017-04-13-13.13","release-2017-04-14-10.45","release-2017-04-18-10.48","release-2017-04-19-11.07","release-2017-04-20-11.19","release-2017-04-26-10.55","release-2017-04-27-13.54","release-2017-05-01-12.06","release-2017-05-02-10.39","release-2017-05-03-11.26","release-2017-05-04-10.04","release-2017-05-05-10.55","release-2017-05-08-11.05","release-2017-05-08-13.55","release-2017-05-09-10.12","release-2017-05-12-09.54","release-2017-05-16-15.56","release-2017-05-17-12.16","release-2017-05-19-12.18","release-2017-05-23-10.10","release-2017-05-24-11.05","release-2017-05-25-10.12","release-2017-05-30-10.20","release-2017-05-31-11.18","release-2017-06-01-12.14","release-2017-06-05-10.46","release-2017-06-07-10.37","release-2017-06-09-10.25","release-2017-06-13-09.54","release-2017-06-14-10.56","release-2017-06-14-14.18","release-2017-06-15-10.10","release-2017-06-16-09.46","release-2017-06-19-11.39","release-2017-06-20-10.33","release-2017-06-21-12.22","release-2017-06-22-10.40","release-2017-06-23-13.54","release-2017-06-26-12.11","release-2017-06-27-09.53","release-2017-06-28-11.31","release-2017-06-29-10.31","release-2017-06-30-10.42","release-2017-06-30-14.04","release-2017-07-05-11.40","release-2017-07-06-10.17","release-2017-07-10-12.54","release-2017-07-11-11.04","release-2017-07-13-10.42","release-2017-07-14-10.08","release-2017-07-18-11.53","release-2017-07-19-11.31","release-2017-07-20-10.39","release-2017-07-21-10.41","release-2017-07-24-13.06","release-2017-07-25-11.43","release-2017-07-25-17.42","release-2017-07-25-20.52","release-2017-07-25-23.50","release-2017-07-27-09.38","release-2017-07-28-10.29","release-2017-07-31-13.01","release-2017-08-01-10.30","release-2017-08-02-10.16"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18380.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}