CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
Date published : 2019-07-30
https://groups.google.com/forum/#%21topic/openedx-announce/QTvijt48bAY