PT-2026-41880
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-24318
Due to an insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...
EUVD-2022-55943
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the...
CVE-2023-22286
Cross-site request forgery CSRF vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the input validation process. An attacker can manipulate the output seen by other users by injecting malicious scripts. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...
CVE-2024-3982
An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator...
ROS-20240503-08
Vulnerability in the ECDSA private key signature generation component of the client software for various PuTTY remote access protocols is related to the possibility of secret key recovery. Exploitation of the vulnerability could allow a remote intruder to hijack a session by recovering the...
Citadel security vulnerability
Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 932, which originates from a vulnerability that allows an attacker to store a victim's email message in the attacker's IMAP mailbox, which can be exploited by an...
CVE-2022-33927
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. An unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session...
Unspecified vulnerability in DELL EMC AppSync (CNVD-2022-06705)
DELL EMC AppSync is a replication data management software from Dell USA Inc. A security vulnerability exists in DELL EMC AppSync versions 3.9 through 4.3 due to the use of the GET request method with sensitive query strings. An attacker could use this vulnerability to hijac...
Sonicwall SonicOS 6.5.4 Cross Site Scripting
Document Title: =============== Sonicwall SonicOS 6.5.4 - Cross Site Scripting Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2272 Release Date: ============= 2021-10-18 Vulnerability Laboratory ID VL-ID:...
CVE-2021-22927
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session...
Session fixation
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session...
CVE-2021-22927
CVE-2021-22927 affects Citrix ADC and Citrix Gateway when configured as a SAML Service Provider. The vulnerability is a session fixation flaw that could allow an attacker to hijack a user session. Affected versions include Citrix ADC/Gateway 13.0 before 13.0-82.45 (and older 12.1/11.1 lines as li...
CVE-2021-23845 B426 Web Configuration Authentication Bypass
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has already been fixed starting from...
Cross-site Scripting (XSS) - Generic in blackcatdevelopment/blackcatcms
Description: 'Display name' Cross Site Scripting XSS. Proof of Concept 1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert1 " this XSS payload on Display name field and click on the Save button. 2...
Oracle PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS Vulnerabilities
PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability. 1. ADVISORY INFORMATION Title: Multiple XSS POST request Vulnerabilities in TestServlet PeopleSoft Advisory ID: ERPSCAN-17-037 Advisory URL:...
CVE-2016-6043
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced...
SAP NetWeaver 7.3 AS Java XSS in CAFAdapterTest servlet
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.3 Vendor URL: SAP Bug: XSS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2405943 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...