*Improper cache control-*
The improper cache control vulnerability refers to a security flaw that
arises when a web application does not properly manage or control caching
mechanisms. Caching is an essential technique used to improve performance
by storing frequently accessed data in temporary storage, such as the
client's browser or intermediate proxy servers. However, when caching is
not adequately controlled, sensitive or private information may be
inadvertently stored and exposed to unauthorized users.
*Steps to reproduce-*
1) Go to site settings
2) Log out
3) Click back; you can see sensitive info
*Impact-*
Exploiting the improper cache control vulnerability can have serious
consequences, including the following:

a. Information Disclosure: Sensitive user data, such as personal
information, authentication tokens, or confidential documents, may be
cached on intermediate systems or the client's browser. This can lead to
unauthorized access, data leakage, or identity theft.

b. Cache Poisoning: Attackers can manipulate the cached data to serve
malicious content to unsuspecting users, leading to various attacks, such
as cross-site scripting (XSS), drive-by downloads, or injection attacks.
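
A check for the information-disclosure case above, as an added example that is not part of the original report: it audits the response headers of an authenticated page and lists the reasons a browser or shared cache may still hold the page after logout. The function names and the sample header sets are constructed for illustration.

```python
# Added example: audit the headers of a response that carries private data.
# All sample header sets below are constructed, not taken from the report.

def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_authenticated_response(headers):
    """List cache-control findings; an empty list means no copy may be kept."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control"))
    if "no-store" in cc:
        return []  # caches must not store any part of the response
    findings = []
    if not cc:
        findings.append("missing Cache-Control: browser may keep the page after logout")
    else:
        findings.append("no-store absent: browser may keep the page after logout")
    if "private" not in cc:
        findings.append("private absent: shared proxy caches may store the response")
    if "no-cache" in cc:
        findings.append("no-cache alone forces revalidation but still permits storage")
    return findings


SAMPLES = {  # constructed responses for an authenticated settings page
    "missing": {"Content-Type": "text/html"},
    "no_cache_only": {"Cache-Control": "no-cache"},
    "private_max_age": {"Cache-Control": "private, max-age=600"},
    "hardened": {"Cache-Control": "no-store"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        result = audit_authenticated_response(hdrs)
        print(name, "->", result or "ok")
```
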
---
Packet Storm note:
2025/10/13:
We were indeed missing a cache header for the page in question. There wasn't a mechanism to commit cache poisoning or xss, but as shared computing is a thing, we addressed it so local caches did not persist post logout. We would like to extend our thanks to Shivang Singhal for reporting the issue.