CSRF Vulnerability in SimpleRisk 20170614-001 Allows XSS Injection via User Parameter

CVE-2017-10711 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.
