Lucene search
B1tch3sEFE6EF47-D17C-4773-933A-4836C32DB85CHistoryApr 05, 2023 - 8:07 a.m.
Browser back attack vulnerability
2023-04-0508:07:41
b1tch3s
www.huntr.dev
10
vulnerability
sensitive information
user privacy
pii
browser's back button
confidentiality
owasp reference
bug bounty
data access
0.001 Low
EPSS
Percentile
35.4%
Description
rosariosis has a vulnerability that allows user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser’s back button. This issue poses a significant risk to the confidentiality of sensitive data and user privacy.
Steps to reproduce
- Login to rosariosis and navigate to pages that displays PII
example = /Modules.php?modname=Users/User.php&category_id=1&staff_id=4 - Log yourself out from the application
- Pressed the browser’s back button and it will return to the page that the user visited recently
Recommendations:
Please check owasp reference for the fixes
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses
Related
osv
osv
CVE-2023-2202
2023-04-21 02:15:07
RosarioSIS improper access control vulnerability
2023-04-21 03:30:36
cvelist
cvelist
CVE-2023-2202 Improper Access Control in francoisjacquet/rosariosis
2023-04-21 00:00:00
veracode
veracode
Improper Access Control
2023-05-01 21:59:01
cve
cve
CVE-2023-2202
2023-04-21 02:15:07
prion
prion
Improper access control
2023-04-21 02:15:00
nvd
nvd
CVE-2023-2202
2023-04-21 02:15:07
github
github
RosarioSIS improper access control vulnerability
2023-04-21 03:30:36