CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System

Hi Guys,

Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself

What is SimpleRisk?

SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews. SimpleRisk allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.

SimpleRisk sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations. Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.

Continue reading “CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System”

Share

Stored XSS in the heart of the Russian email provider giant (Mail.ru)

Hi, I’m Seif Elsallamy a bug hunter from Seekurity Team, Today i will show you a critical reflected Cross Site Scripting bug affecting mail.ru and could be used as an XSS worm but first let’s dive into some general information.

Continue reading “Stored XSS in the heart of the Russian email provider giant (Mail.ru)”

Share

RunKeeper Stored XSS Vulnerability – Where worms are able to run too!

 

RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. First launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing, led by Spark Capital. In February, 2016, RunKeeper was acquired by ASICS.

Continue reading “RunKeeper Stored XSS Vulnerability – Where worms are able to run too!”

Share