3 matches found
CVE-2024-25977 Session Fixation
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser e.g. via XSS and prompt the victim to log in e.g. via a redirect to the login page. This results in the victim's account being taken over...
CVE-2024-25977 Session Fixation
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser e.g. via XSS and prompt the victim to log in e.g. via a redirect to the login page. This results in the victim's account being taken over...
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...