Spring Framework Security Vulnerability
Spring Framework is a set of open source Java and JavaEE application frameworks from the US-based Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Security 5.7.x series prior to 5.7.8, 5.8.x series prior to 5.8.3, and 6.0.x series prior...
CVE-2023-20862
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the...
CVE-2023-20862
In CVE-2023-20862, the Spring Security logout flow fails to properly clean the security context when serialized contexts are used, and saving an empty security context to HttpSessionSecurityContextRepository is blocked. Affected versions are Spring Security 5.7.x prior to 5.7.8, 5.8.x prior to 5....
PT-2023-9021 · Spring · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x through 5.7.7; Spring Security versions 5.8.x through 5.8.2; Spring Security versions 6.0.x through 6.0.2. Description: The issue is related to the logout support not properly cleaning the security context if using...
CVE-2022-46389
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the...
ServiceNow Cross-Site Scripting Vulnerability
ServiceNow is a cloud computing platform from the US-based ServiceNow, Inc. that helps companies manage digital workflows for enterprise operations. ServiceNow has a security vulnerability that stems from a reflected XSS flaw in the logout function. Affected products and versions: ServiceNow...
CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the...
PT-2023-14925 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions prior to Quebec Patch 10 Hotfix 11b; ServiceNow versions prior to Rome Patch 10 Hotfix 3b; ServiceNow versions prior to San Diego Patch 9; ServiceNow versions prior to Tokyo Patch 4; ServiceNow versions prior to Utah GA...
Improper Authorization
nilsteampassnet/teampass is vulnerable to Improper Authorization. The vulnerability allows an attacker with low-level privileges to log everyone out, including the admin, due to an Insecure Direct Object Reference (IDOR) via the user ID...
Anonymous LOGOUT logs explanation
ns.log: Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263167 0 : "Created nFactor session for user Anonymous" Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263174 0 : "AAAD API:...
rami.io pretix Code Issue Vulnerability
rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in rami.io pretix versions prior to 4.17.1. An attacker could exploit the vulnerability to...
IDOR Vulnerability Allows Low-Level User to Log Out Everyone Including Admin
Description: An IDOR vulnerability allows a low-level user to log out everyone in the system by changing the user ID. Proof of Concept: Step 1: Log in as admin. Step 2: Go to Users and add a user; set the role to Default. Step 3: Log in as the new user. Step 4: Log out the user: GET...
CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability...
WordPress Plugin Registration Forms Input Validation Error Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...
CVE-2022-4622
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4622 Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4622
The CVE-2022-4622 issue affects the WordPress plugin Login Logout Menu (versions
WordPress Login Logout Menu Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Login Logout Menu; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4622; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 93394eba834d; Credits: Lana Codes; Require...