2360 matches found
CVE-2024-35049
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590...
CVE-2024-35049
SurveyKing v1.3.1 is affected by a session-management issue where users’ sessions remain active after logout, related to an incomplete fix for CVE-2022-25590. CVSSv3.1 base score 9.1 (CRITICAL) with network access, no privileges required, and no user interaction. Impact primarily Confidentiality a...
PT-2024-26123 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: The issue concerns session tokens that do not get properly invalidated when a user logs out. Specifically, the directus session is destroyed, and the cookie is deleted, but if the cookie value i...
PT-2024-26297 · Unknown · Surveyking
Name of the Vulnerable Software and Affected Versions: SurveyKing version 1.3.1 Description: The issue allows users' sessions to remain active after logout, which is related to an incomplete fix. Recommendations: For SurveyKing version 1.3.1, consider implementing a full logout mechanism to...
RHEL 7 : ovirt-engine (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ovirt-engine: webadmin log out must logout all sessions CVE-2016-6338 - ovirt-engine: API exposes power...
CVE-2023-40695
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938...
CVE-2024-33932 WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS. This issue affects Login Logout Register Menu: from n/a through 2.0...
CVE-2024-33932
CVE-2024-33932 is a Stored XSS in the WordPress plugin Login Logout Register Menu, rooted in Improper Neutralization of Input During Web Page Generation. Affected range: Login Logout Register Menu: from n/a through 2.0. The connected Red Hat entry and project descriptions indicate the issue is an...
PT-2024-12907 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue allows an authenticated user to impersonate another user on the system because the session is not invalidated after logout. Recommendations: For versions 10.4.1 throu...
PT-2024-25565 · Vinod Dalvi · Login Logout Register Menu
Name of the Vulnerable Software and Affected Versions: Vinod Dalvi Login Logout Register Menu versions n/a through 2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
PT-2024-25246 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A Cross-Site Scripting XSS issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33423
CMSimple v5.15 is affected by a Cross-Site Scripting (XSS) vulnerability in the Settings menu, specifically via the Logout parameter under Language. The root cause is insufficient input filtering, allowing an attacker to inject arbitrary web scripts/HTML. Consequences could include script executi...
WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Login Logout Register Menu versions <= 2.0...
PT-2024-40005 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma affected versions not specified Description: The issue allows access to the platform despite authentication being enabled, as previously logged-in sessions remain valid. The expected behavior is that all previously connected...
GHSA-7FPJ-9HR8-28VH Keycloak vulnerable to impersonation via logout token exchange
Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions...
CVE-2023-0657
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions...