CVE-2017-10711

CVE-2017-10711

EPSS 0.7%

In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk/https://www.youtube.com/watch?v=jOUKEYW0RQw