CSRF Vulnerability in SimpleRisk 20170614-001 Allows XSS Injection via User Parameter
CVE-2017-10711 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.