40 matches found
EUVD-2021-12815
Malware in sbrugna...
EUVD-2021-12817
Malware in sbrugna...
EUVD-2021-12816
Malware in sbrugna...
EUVD-2021-12813
Malware in sbrugna...
EUVD-2021-12814
Malware in sbrugna...
CVE-2021-25992
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks...
CVE-2021-25992
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks...
Design/Logic Flaw
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks...
CVE-2021-25992
CVE-2021-25992 (Ifme) affects Ifme versions 1.0.0–7.33.2, where sessions aren’t properly invalidated after logout, enabling reuse of admin cookies via local/network or other attacks. The vulnerability stems from inadequate session invalidation, with high-severity impact (CVE entries report possib...
CVE-2021-25992 ifme - Insufficient Session Expiration
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks...
Ifme Code Issue Vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. A code issue vulnerability exists in Ifme versions 1.0.0 through v.7.33.2 that stems from a failure to properly invalidate a user's session even after the user...
ifme notifications section cross-site scripting vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from a cross-site scripting vulnerability in versions v1.0.0 through v7.31.4, which stems from a lack of checksum filtering of user-supplied and output...
Ifme Access Control Error Vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from an access control error vulnerability that can be exploited by an attacker to cause an administrator to deactivate and completely lose administrat...
ifme Cross-Site Scripting Vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from a cross-site scripting vulnerability in versions v7.22.0 through v7.31.4, which stems from a lack of checksum filtering of user-supplied data and...
CVE-2021-25988
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to a stored XSS vulnerability in the notifications section which can be directly triggered by sending an ally request to the admin...
CVE-2021-25990
In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe...
CVE-2021-25991
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...
CVE-2021-25988
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to a stored XSS vulnerability in the notifications section which can be directly triggered by sending an ally request to the admin...
CVE-2021-25989
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to a stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...
CVE-2021-25991
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme...