36 matches found
EUVD-2025-34674
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61933
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61933
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61933 BIG-IP APM cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-61933
CVE-2025-61933 is a reflected cross-site scripting (XSS) vulnerability in BIG-IP APM. Affected versions of BIG-IP APM include 17.5.0–17.5.1, 17.1.0–17.1.2, 16.1.0–16.1.6, and 15.1.0–15.1.10. The fixed releases are 17.5.1.3, 17.1.3, 16.1.6.1, and 15.1.10.8 respectively. The issue allows an attacke...
CVE-2025-61933 BIG-IP APM cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 Networks BIG-IP : BIG-IP APM XSS vulnerability (K000156596)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156596 advisory. A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP A...
F5 BIG-IP 跨站脚本漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of reflective cross-site scripting on an...
EUVD-2023-0208
Malicious code in bioql PyPI...
CVE-2023-27891
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1...
CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...
Optimizely Configured Commerce 安全漏洞
Optimizely Configured Commerce is a combined commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce prior to version 5.2.2408, which stems from a vulnerability that allows session tokens bound to logged out sessions to remain active and available...
Apache CloudStack 代码问题漏洞
Apache CloudStack is a set of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack, which stems from ...
BIT-ROUNDCUBE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
PT-2023-32363 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.0 through 16.3.5 GitLab CE/EE versions 16.4 through 16.4.1 GitLab CE/EE versions 16.5.0 Description: An issue has been discovered in GitLab CE/EE which may unintentionally disclose GitLab version metadata to...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. As a Super Admin, run the following code ...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC As a Super Admin, run the following...
PYSEC-2023-42
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1...
CVE-2023-27891
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1...
PT-2023-20160
Name of the Vulnerable Software and Affected Versions DataHub versions prior to 0.8.45 Description The issue concerns authentication checks using the AuthUtils.hasValidSessionCookie method, which could be bypassed by using a cookie from a logged out session. This is because session cookies are on...