16 matches found
EUVD-2002-1828
Malware in sbrugna...
EUVD-2024-51520
Malicious code in bioql PyPI...
Hiro: Logout Bypass Vulnerability in Hiro.so
Summary A logout bypass vulnerability has been identified on platform.hiro.so, allowing users to regain access to their session after logging out simply by pressing the back button on the browser. This issue arises due to improper session invalidation and potential caching misconfigurations. If...
CVE-2024-13308
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...
CVE-2024-13308
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...
CVE-2024-13308 Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...
CVE-2024-13308 Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...
CVE-2024-13308
CVE-2024-13308 affects the Drupal Browser Back Button module. The vulnerability is an improper neutralization of input during web page generation (XSS) in the module’s back-button block, stemming from insufficient escaping of administrator-entered text. Affected versions: 1.0.0–2.0.2. Impact desc...
Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072
This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...
Drupal Browser Back Button module 1.0.0-2.0.1 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Patrick Fey in WordPress Module Browser Back Button versions 1.0.0-2.0.1...
PT-2024-10135 · Drupal · Drupal Browser Back Button
Name of the Vulnerable Software and Affected Versions: Drupal Browser Back Button versions 1.0.0 through 2.0.2 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can enable a remote attacker to conduct...
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
in snipe/snipe-it
Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.snipeitapp.com/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...
in zikula/core
Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...
WordPress WP-Predict Plugin 1.0 - Blind SQL Injection
No description provided by source. Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0 =====================...
Localize: Business logic Failure - Browser cache management and logout vulnerability.
Vulnerability class: Business logic Failure - Browser cache management and logout vulnerability. Vulnerability impact: Logging out from an application does not clear the browser cache of any sensitive information that have been stored. Steps to reproduce: 1. Login to portal. 2.browse few tabs 3...