CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the...

PT-2022-27447 · Dragino · Dragino Lora Lg01

Name of the Vulnerable Software and Affected Versions: Dragino Lora LG01 18ed40 IoT version 4.3.4 Description: A Cross-Site Request Forgery issue was discovered in the logout page of the affected software. Recommendations: For Dragino Lora LG01 18ed40 IoT version 4.3.4, consider disabling the...

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description CSRF on logout functionality. Attacker able to logout the user by sending malicious link Proof of Concept Impact This vulnerability is capable of logout the user session Note This is not an attack, it is a kind of annoyance to the user , though it is a valid csrf . By Using post metho...

CVE-2021-32786 Open Redirect in oidc_validate_redirect_url()

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers...

CVE-2017-17747

CVE-2017-17747 affects the TP-Link TL-SG108E, firmware 1.0.0, where the Logout.htm function has weak access control and can be called from any IP address. This allows an attacker to terminate an authenticated session on a target device, potentially triggering a denial-of-service condition and mak...

Open redirect

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...