{"id":"CVE-2017-10711","details":"In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.","modified":"2026-07-08T15:10:57.692124Z","published":"2017-07-24T13:29:00.180Z","references":[{"type":"EVIDENCE","url":"https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk/"},{"type":"EVIDENCE","url":"https://www.youtube.com/watch?v=jOUKEYW0RQw"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simplerisk/code","events":[{"introduced":"ab1d8ea1fe0a72607c94859ad2c5fc49a3502db2"},{"last_affected":"ab1d8ea1fe0a72607c94859ad2c5fc49a3502db2"}],"database_specific":{"cpe":"cpe:2.3:a:simplerisk:simplerisk:20170614-001:*:*:*:*:*:*:*","extracted_events":[{"introduced":"20170614-001"},{"last_affected":"20170614-001"}],"source":"CPE_STRING"}}],"versions":["20170614-001"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10711.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}