6 matches found
CVE-2026-41839
A flaw was found in Spring Framework. A remote attacker, by compromising a subdomain of a WebFlux application for example, through cross-site scripting XSS, could exploit this vulnerability to escalate privileges. This allows the attacker to exchange a known session ID for that of an authenticate...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the session management API due to a missing permission check. An attacker can impersonate other users and access sensitive resources by updating sessions if they know the session ID. Remediation Upgrade...
PT-2023-23982 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: An unauthorized user can access the...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
GHSA-H564-6GC2-FCC6 Mattermost Server allows users with a session ID to revoke another users' session
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...
Fat Free CRM CSRF / SQL Injection / Known Secret
To whom it may concern: A rather informal advisory on Fat Free CRM http://fatfreecrm.com/: Timeline: Aug 27th 2013 Initial email containing the findings listed below including a note that there more vulnerabilities which just need to be verified. Send to [email protected] and...