37 matches found
ServiceNow Cross-Site Scripting Vulnerability
ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage digital workflows for enterprise operations. ServiceNow has a security vulnerability that stems from a reflected XSS vulnerability in the logout function. Affected products and versions: ServiceNow...
ServiceNow San Diego Patch Cross-Site Scripting Vulnerability
ServiceNow San Diego Patch is a series of patches from ServiceNow USA. A cross-site scripting vulnerability exists in ServiceNow San Diego Patch 4b and Patch 6 and prior versions, which stems from allowing XSS in the logout function...
Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server
Description The logout function doesn't clean/filter the value of the "back" parameter before reflecting it into HTML code, leading to a reflected XSS vulnerability. Proof of Concept Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealertorigin%3C/script%3E%3C%22 Poc:...
Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Description Hi there, there is a CSRF in your logout function. This will force the admin to log out if he/she clicks on the link the attacker gives him. Proof of Concept 1. Install phpmyfaq on your system. 2. Log in as admin 3. Open this link /admin/index.php?action=logout 4. See that you are logged out of...
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function...
Open redirect
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function...
Cross site request forgery (csrf)
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this vulnerability...
Clario: Affiliates - Session Fixation
SEVERITY: Medium LOCATION: https://affiliates.kromtech.com ISSUE DESCRIPTION: User can use the same session token after logout. Attacker can repeat request with token that should be marked as invalidated. PROOF OF VULNERABILITY: Request made after Logout with the same cookie value. curl -i -s -...
Session Fixation
Apache Zeppelin is vulnerable to session fixation attacks. A remote attacker could exploit a flaw in the logout function to hijack a valid user session...
TP-Link TL-SG108E Denial of Service Vulnerability
The TP-Link TL-SG108E is a Gigabit Ethernet switch from China's TP-Link. A denial of service vulnerability exists in the Device Logout function in the TP-Link TL-SG108E version 1.0.0 due to weak access control. A remote attacker can exploit the vulnerability to invoke the logout function and...
CVE-2017-17747
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition...
Cross site request forgery (csrf)
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page...
CVE-2017-11196
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page...
Reflected Cross-Site Scripting Vulnerability in YXcmsApp V1.4.3 'logout' Function
Yxcms is an enterprise building system based on PHP and MySQL technology. A reflected cross-site scripting vulnerability exists in the YXcmsApp V1.4.3 'logout' function. It allows an attacker to construct an XSS statement to perform a pop-up box operation and obtain information such as user...
PHP Login Script v 2.3 SQL Injection vulnerability
Exploit for php platform in category web applications. PHP Login Script v 2.3 SQL Injection vulnerability. Exploit Title: PHP Login Script v 2.3 SQL Injection vulnerability. Date: 23/7 2010 Author:...