PT-2017-11445 · Simplerisk · Simplerisk
Published: 2017-07-24 · Updated: 2017-08-10 · CVE-2017-10711
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SimpleRisk version 20170614-001
Description
A CSRF attack against the 'reset.php' endpoint, specifically the Send Password Reset Email form, can be used to inject XSS sequences via the user parameter.
Recommendations
For version 20170614-001, consider temporarily disabling the Send Password Reset Email form until a patch is available, to prevent CSRF attacks that could lead to XSS injection. Restrict access to the 'reset.php' endpoint to minimize the risk of exploitation. Avoid using the user parameter in the affected form until the issue is resolved.
Exploit
Fix
XSS
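The two controls that address the issue described above are an anti-CSRF token on the Send Password Reset Email form and output encoding of the user parameter before it is reflected into HTML. The following is an added illustration of that hardening pattern in PHP; it is not SimpleRisk's own code, and the handler layout, the `csrf_token` field name and the `send_password_reset_email()` call are hypothetical.

```php
<?php
// Illustrative hardened "Send Password Reset Email" handler.
// Added example; not SimpleRisk's code. Field and function names are hypothetical.

session_start();

// Issue a per-session CSRF token (synchronizer token pattern).
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token against the session token in constant time.
function csrf_token_is_valid(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Escape anything user-supplied before it is placed into HTML.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject cross-site submissions: a forged request cannot carry the token.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid request token.');
    }
    $user = trim((string)($_POST['user'] ?? ''));
    // Hypothetical: send_password_reset_email($user) looks the user up and
    // mails a reset link. It must never echo $user back unescaped.
    // send_password_reset_email($user);
    // Respond with the same generic text whether or not the user exists,
    // and encode the reflected parameter so it cannot become markup.
    $message = 'If an account exists for ' . e($user) . ', a reset email has been sent.';
}
?>
<!doctype html>
<form method="post" action="reset.php">
  <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
  <label>Username <input type="text" name="user"></label>
  <button type="submit">Send Password Reset Email</button>
</form>
<p><?= $message ?></p>
```

The token check stops the cross-site request from being accepted at all, and the encoding step means that even a request which does reach the handler cannot turn the user parameter into script; the two are independent, so a fix should include both rather than relying on either one alone.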
Weakness Enumeration
Related Identifiers
Affected Products
Simplerisk