Unknown · Magento LTS · CVE-2021-21395
**Name of the Vulnerable Software and Affected Versions**
Magento LTS versions prior to 19.4.22
Magento LTS versions prior to 20.0.19
**Description**
The password reset form in Magento LTS is vulnerable to Cross-Site Request Forgery (CSRF) between the time the reset password link is clicked and the user submits a new password.
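The reset window described above, modelled in PHP as an added example (not Magento LTS code and not the project's patch): one handler trusts the session alone, the other also requires a per-session form key, a standard CSRF defence. It assumes the link click stores the pending reset in the session; every function name and session key is hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not Magento LTS code. Function names and the
// 'reset_customer_id' / 'form_key' session keys are hypothetical.

// Step 1 (assumed flow): the emailed link is opened, the server accepts the
// token and records in the session which account may now be reset.
function openResetLink(array &$session, int $customerId): string
{
    $session['reset_customer_id'] = $customerId;
    $session['form_key'] = bin2hex(random_bytes(16)); // hidden field in the form
    return $session['form_key'];
}

// Step 2, weak: trusts the session cookie alone, so any POST the browser
// sends while the reset is pending is accepted, whichever site triggered it.
function submitResetWeak(array &$session, array $post, array &$passwords): bool
{
    if (!isset($session['reset_customer_id']) || !is_string($post['password'] ?? null)) {
        return false;
    }
    $passwords[$session['reset_customer_id']] = password_hash($post['password'], PASSWORD_DEFAULT);
    unset($session['reset_customer_id']); // close the reset window
    return true;
}

// Step 2, hardened: also requires the form key, which another origin cannot read.
function submitResetHardened(array &$session, array $post, array &$passwords): bool
{
    $expected = $session['form_key'] ?? '';
    $supplied = $post['form_key'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return false; // rejected; the pending reset is left untouched
    }
    return submitResetWeak($session, $post, $passwords);
}

// Constructed demo: the same keyless POST against both handlers, then the real form.
$crossSite = ['password' => 'not-the-users-choice'];

$session = []; $passwords = [];
openResetLink($session, 42);
var_dump(submitResetWeak($session, $crossSite, $passwords));

$session = []; $passwords = [];
$key = openResetLink($session, 42);
var_dump(submitResetHardened($session, $crossSite, $passwords));
var_dump(submitResetHardened($session, ['password' => 'users-own-choice', 'form_key' => $key], $passwords));
```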
**Recommendations**
For versions prior to 19.4.22, update to version 19.4.22 to resolve the issue.
For versions prior to 20.0.19, update to version 20.0.19 to resolve the issue.