5/10
vulnerability
CVE-2017-10711 is a reflected XSS vulnerability in SimpleRisk's password reset form where the 'user' parameter is echoed directly without sanitization, allowing attackers to execute arbitrary JavaScript and steal session cookies or hijack user sessions via CSRF.
reflected-xss
cve-2017-10711
simplerisk
input-sanitization
password-reset
csrf
session-hijacking
cookie-theft
CVE-2017-10711
SimpleRisk
Mohamed A. Baset
reset.php