95 matches found

Vulnrichment
added 2023/12/29 12:0 a.m., 7 views

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718 that allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...

AI score: 5.4, EPSS: 0.00172
Exploits: 0, References: 1

Patchstack
added 2023/12/26 12:0 a.m., 12 views

WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: Back Button Widget; Type: Plugin; Vulnerable versions: <= 1.6.3; Fixed in: 1.6.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51399; Patch priority: Low; CVSS severity: Low (6.5); PSID: 9ff3d6bccb6d; Credits: Ngô Thiên An (ancorn) from VNPT-VCI...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00328
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/11/06 1:15 p.m., 4 views

CVE-2023-4910

A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00212
Exploits: 0, References: 2

Positive Technologies
added 2023/09/12 12:0 a.m., 6 views

PT-2023-5466 · Red Hat · 3Scale Admin Portal

Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal affected versions not specified Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...

CVSS: 5.5, AI score: 5.1, EPSS: 0.00212
Exploits: 0, References: 9

OSV
added 2023/04/21 3:30 a.m., 8 views

GHSA-G66V-3V62-G375 RosarioSIS improper access control vulnerability

RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00538
Exploits: 0, References: 5

Github Security Blog
added 2023/04/21 3:30 a.m., 17 views

RosarioSIS improper access control vulnerability

RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00538
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2023/04/21 12:0 a.m., 6 views

PT-2023-18362 · Unknown · Rosariosis

Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 10.9.3 Description: The issue allows a user to access a page containing personally identifiable information PII and sensitive information after logging out of the application by using the browser's back button. Th...

CVSS: 6.5, AI score: 4.6, EPSS: 0.00538
Exploits: 0, References: 8

Huntr
added 2023/04/05 8:7 a.m., 19 views

Browser back attack vulnerability

Description: rosariosis has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button. This issue poses a significant risk to the confidentiality of...

CVSS: 4, AI score: 6.1, EPSS: 0.00538
Exploits: 0

CNNVD
added 2022/09/08 12:0 a.m., 3 views

JGraph draw.io cross-site scripting vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 20.3.0, which stems from the application using a parameter to specify a url on the refresh and back buttons, assigning it to...

CVSS: 6.1, AI score: 4.9, EPSS: 0.00518
Exploits: 1, References: 3

Huntr
added 2021/10/04 1:1 p.m., 7 views

in snipe/snipe-it

Description: Sensitive data on the application can be exposed after the user logs out. Proof of Concept: 1. Log in to the application https://demo.snipeitapp.com/ 2. Go to a page like My Account, or any other page 3. Click logout 4. Click browser back button. Impact: When a user logs out without closing the...

AI score: 0.1
Exploits: 0, References: 1

Huntr
added 2021/09/17 5:31 p.m., 9 views

in zikula/core

Description: Sensitive data can be exposed even after logging out of the application. Proof of Concept: Tested URL: https://demo.ziku.la/ Tested on: Firefox. 1. Log in to the application 2. Go to my account 3. Click logout button 4. Press browser back button 5. Now we can re-enter the dashboard. Impact...

AI score: 6.9
Exploits: 0

CNNVD
added 2021/01/13 12:0 a.m., 4 views

Combodo iTop code issue vulnerability

Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00764
Exploits: 0, References: 2

Positive Technologies
added 2021/01/13 12:0 a.m., 6 views

PT-2021-9738 · Comodo +1 · Combodo Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 Description: The issue concerns the caching of admin pages in Combodo iTop, allowing their content to be visible after disconnection by using the browser back button...

CVSS: 9.8, AI score: 7, EPSS: 0.25573
Exploits: 11, References: 63

Exploit DB
added 2020/02/17 12:0 a.m., 154 views

Cuckoo Clock v5.0 - Buffer Overflow

Exploit Title: Cuckoo Clock 5.0 - Buffer Overflow Exploit Author: boku Date: 2020-02-14 Vendor Homepage: https://en.softonic.com/author/pxcompany Software Link: https://en.softonic.com/download/parallaxis-cuckoo-clock/windows/post-download Version: 5.0 Tested On: Windows 10 32-bit Recreate: 1...

AI score: 7.4
Exploits: 0

OSV
added 2019/05/09 3:29 p.m., 3 views

CVE-2019-4072

IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time,...

CVSS: 6.3, AI score: 6, EPSS: 0.00812
Exploits: 0, References: 2

Positive Technologies
added 2019/05/09 12:0 a.m., 4 views

PT-2019-16881 · Ibm · Ibm Tivoli Storage Productivity Center

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...

CVSS: 6.5, AI score: 4.7, EPSS: 0.00812
Exploits: 0, References: 3

Prion
added 2017/07/29 5:29 a.m., 14 views

Code injection

The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...

CVSS: 5.8, AI score: 6.4, EPSS: 0.00567
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2017/07/29 5:29 a.m., 15 views

CVE-2017-11725

The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...

CVSS: 5.8, AI score: 5.5, EPSS: 0.00567
Exploits: 0, References: 1

OSV
added 2017/07/29 5:29 a.m., 3 views

CVE-2017-11725

The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00567
Exploits: 0, References: 1

Cvelist
added 2017/07/29 5:0 a.m., 19 views

CVE-2017-11725

The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...

AI score: 5.5, EPSS: 0.00567
Exploits: 0, References: 1