Lucene search
551230f0-3615-47bd-b7cc-93e92e730bbfNVD:CVE-2024-25977HistoryMay 29, 2024 - 1:15 p.m.
CVE-2024-25977
2024-05-2913:15:49
CWE-384
551230f0-3615-47bd-b7cc-93e92e730bbf
web.nvd.nist.gov
session token
account takeover
xss
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim’s browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim’s account being taken over.
Related
vulnrichment
vulnrichment
CVE-2024-25977 Session Fixation
2024-05-29 12:31:29
osv
osv
CVE-2024-25977
2024-05-29 13:15:49
cve
cve
CVE-2024-25977
2024-05-29 13:15:49
cvelist
cvelist
CVE-2024-25977 Session Fixation
2024-05-29 12:31:29
packetstorm
packetstorm
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation
2024-05-28 00:00:00