Lucene search

21 matches found

EUVD
added 2026/05/18 7:57 p.m., 7 views

EUVD-2025-209889

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

CVSS 4.7, AI score 5.8, EPSS 0.00009
Exploits 1, References 3

Snyk
added 2026/05/15 4:21 p.m., 11 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...

CVSS 6.1, AI score 6, EPSS 0.00009
Exploits 1, References 2

Github Security Blog
added 2026/05/15 4:21 p.m., 7 views

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

CVSS 6.1, AI score 5.8, EPSS 0.00009
Exploits 1, References 6, Affected Software 1

OSV
added 2026/05/15 4:21 p.m., 3 views

GHSA-CVRM-5HP6-H523 SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

CVSS 4.7, AI score 5.8, EPSS 0.00009
Exploits 1, References 6

Vulnrichment
added 2026/04/21 2:14 p.m., 1 view

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

CVSS 4.3, AI score 5.8, EPSS 0.00033
Exploits 0, References 1

CNNVD
added 2025/12/22 12:0 a.m., 2 views

Code-Projects Simple Stock System SQL Injection Vulnerability

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. Code-Projects Simple Stock System version 1.0 suffers from a SQL injection vulnerability that stems from a misuse of the parameter uname in file /logout.php, which could lead to a SQL injection attack...

CVSS 9.8, AI score 7.8, EPSS 0.00028
Exploits 1, References 6

CVE
added 2025/12/15 12:0 a.m., 7 views

CVE-2025-66963

CVE-2025-66963 : A vulnerability in Hitron HI3120 firmware v7.2.4.5.2b1 allows a local attacker to disclose sensitive information via the Logout option in the router’s index.html page. The connected sources consistently reference this model/version and the logout-handling flow as the issue origin...

CVSS 5.5, AI score 5.9, EPSS 0.00015
Exploits 0, References 2, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-48128

Malicious code in bioql PyPI...

CVSS 3.5, AI score 5, EPSS 0.0011
Exploits 1, References 2

RedhatCVE
added 2025/05/22 10:45 p.m., 6 views

CVE-2022-45228

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page...

CVSS 3.5, AI score 7.4, EPSS 0.0011
Exploits 1, References 1

Github Security Blog
added 2024/10/22 5:55 p.m., 17 views

Umbraco CMS logout page displayed before session expiration

Impact The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are...

CVSS 4.2, AI score 6.9, EPSS 0.00375
Exploits 0, References 3, Affected Software 2

Citrix
added 2023/05/29 12:0 a.m., 3 views

User may be redirected to On-premises AAA Logout Page after Logging off Citrix Cloud

When you deploy an on-premises Citrix Gateway/NetScaler Gateway as the OAuth IDP for Citrix Cloud, the user may be redirected to the on-premises IDP logout page /vpn/tmlogout.html instead of the Citrix Cloud login page after logging out of Citrix Cloud. For example, you have the following URLs: Citrix Cloud URL:...

AI score 7.1
Exploits 0

OSV
added 2022/12/12 3:15 a.m., 4 views

CVE-2022-45228

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page...

CVSS 3.5, AI score 5.8, EPSS 0.0011
Exploits 1, References 1

NVD
added 2022/12/12 3:15 a.m., 8 views

CVE-2022-45228

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page...

CVSS 3.5, EPSS 0.0011
Exploits 1, References 1

Vulnrichment
added 2022/12/12 12:0 a.m., 4 views

CVE-2022-45228

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page...

AI score 4.2, EPSS 0.0011
Exploits 1, References 1

CNNVD
added 2022/12/12 12:0 a.m., 3 views

Dragino Lora LG01 18ed40 IoT Cross-Site Request Forgery Vulnerability

Dragino Lora LG01 18ed40 IoT is a gateway portal from Dragino, Inc. A security vulnerability exists in Dragino Lora LG01 18ed40 IoT version v4.3.4, which stems from the inclusion of cross-site request forgery in the logout page...

CVSS 3.5, AI score 4.9, EPSS 0.0011
Exploits 1, References 2

OSV
added 2019/09/03 5:15 p.m., 1 view

CVE-2019-3754

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could...

CVSS 6.1, AI score 6.2, EPSS 0.0016
Exploits 0, References 1

Hacker One
added 2018/11/22 2:27 p.m., 47 views

Mail.ru: Open Redirect In passport.maps.me/logout/?next=//fb.com/

Open redirect on passport.maps.me page...

AI score 0.9
Exploits 0

OSV
added 2018/10/16 7:49 p.m., 15 views

GHSA-49H4-G8P5-JGQ6 Moderate severity vulnerability that affects org.apache.juddi:juddi-client

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...

CVSS 6.1, AI score 6.2, EPSS 0.02964
Exploits 0, References 3

Prion
added 2017/05/19 7:29 p.m., 14 views

Design/Logic Flaw

After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...

CVSS 5.8, AI score 7, EPSS 0.02964
Exploits 0, References 1, Affected Software 1

Veracode
added 2017/05/19 2:42 a.m., 12 views

Open Redirect

Apache jUDDI is vulnerable to open redirect attacks. There is a flaw which leads the logout jsp page to redirect to the login page after logging out of the portal. Therefore, a malicious user can use the flaw to redirect to an unintended web page. This would be done after the clearing of user...

CVSS 6.1, AI score 6.1, EPSS 0.02964
Exploits 0, References 2, Affected Software 1