CVE-2017-10711

{"id": "CVE-2017-10711", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-07-24T13:29:00.180", "references": [{"url": "https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=jOUKEYW0RQw", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.youtube.com/watch?v=jOUKEYW0RQw", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter."}, {"lang": "es", "value": "En SimpleRisk versi\u00f3n 20170614-001, un ataque de tipo CSRF en el archivo reset.php (tambi\u00e9n se conoce como Formulario de Env\u00edo de Contrase\u00f1a de Restablecimiento de Correo Electr\u00f3nico) puede insertar secuencias XSS por medio del par\u00e1metro user."}], "lastModified": "2024-11-21T03:06:19.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simplerisk:simplerisk:20170614-001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "436534FF-B01F-41F0-949A-45B1EAF56C23"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}