95 matches found
CVE-2023-31292
An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...
WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Back Button Widget Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9ff3d6bccb6d Credits Ngô Thiên An ancorn from VNPT-VCI...
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
PT-2023-5466 · Red Hat · 3Scale Admin Portal
Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal affected versions not specified Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...
GHSA-G66V-3V62-G375 RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button...
RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button...
PT-2023-18362 · Unknown · Rosariosis
Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 10.9.3 Description: The issue allows a user to access a page containing personally identifiable information PII and sensitive information after logging out of the application by using the browser's back button. Th...
Browser back attack vulnerability
Description rosariosis has a vulnerability that allows user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button. This issue poses a significant risk to the confidentiality of...
JGraph draw.io 跨站脚本漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application for JGraph. A cross-site scripting vulnerability exists in JGraph draw.io versions prior to 20.3.0, which stems from the application using a parameter to specify a url on the refresh and back buttons, assigning it to...
in snipe/snipe-it
Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.snipeitapp.com/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...
in zikula/core
Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...
Combodo iTop 代码问题漏洞
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...
PT-2021-9738 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 Description: The issue concerns the caching of admin pages in Combodo iTop, allowing their content to be visible after disconnection by using the browser back button...
Cuckoo Clock v5.0 - Buffer Overflow
Exploit Title: Cuckoo Clock 5.0 - Buffer Overflow Exploit Author: boku Date: 2020-02-14 Vendor Homepage: https://en.softonic.com/author/pxcompany Software Link: https://en.softonic.com/download/parallaxis-cuckoo-clock/windows/post-download Version: 5.0 Tested On: Windows 10 32-bit Recreate: 1...
CVE-2019-4072
IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time,...
PT-2019-16881 · Ibm · Ibm Tivoli Storage Productivity Center
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...
Code injection
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...
CVE-2017-11725
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...
CVE-2017-11725
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...
CVE-2017-11725
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections...