2 matches found
PT-2024-24349 · Npm · @Festify/Secure-Session
Name of the Vulnerable Software and Affected Versions: @festify/secure-session versions prior to 7.3.0 Description: The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they...
CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert1" reproduces the attack. This can be exploited by a user with administrator privileges i...