2357 matches found
CVE-2022-4625
The vulnerability CVE-2022-4625 affects the WordPress plugin Login Logout Menu prior to version 1.4.0. The issue stems from not validating and escaping certain shortcode attributes before outputting them, enabling Stored Cross-Site Scripting that can be triggered by a user with low privileges (as...
CVE-2022-4625 Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress plugin Login Logout Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
GHSA-59QG-93JG-236F Shopware has Insufficient Session Expiration in Administration
Impact: The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. Patches: We added an automatic logout into the Administration, so the user will be logged out when they are inactive. References...
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
CVE-2023-22732
Shopware administration session expiration was set to one week, enabling reuse of a stolen session cookie. The issue is documented across multiple sources (CVE-2023-22732) and is mitigated by updating to version 6.4.18.1, which adds automatic logout after inactivity. The vulnerability affects the...
CVE-2023-22732 Insufficient Session Expiration in Administration in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
PT-2023-18674 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1 Description: The Administration session expiration was set to one week, allowing an attacker who has stolen the session cookie to use it for a long period. An automatic logout into the Administration sessio...
gnome-settings-daemon bug fix and enhancement update
An update is available for gnome-settings-daemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-settings-daemon packages contain a daemon to share...
CVE-2022-43844
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081...
PT-2023-14373 · Ibm · Ibm Robotic Process Automation For Cloud Pak
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 Description: The issue is related to broken access control, where a user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Clo...
IBM Robotic Process Automation code issue vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). An access control error vulnerability exists in IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3, which can be exploited by an attacker to cause a user to be...
K74114570: BIG-IP APM webtop vulnerability CVE-2018-15334
A cross-site request forgery (CSRF) vulnerability in the APM webtop may allow an attacker to force an APM webtop session to log out and require re-authentication. CVE-2018-15334. Impact: A remote attacker may be able to force a BIG-IP APM webtop session to log out and require reauthentication. Security...
Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
CVE-2022-44017
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/main can be used for this. This is due to the credentials not being cleaned from the local storage after...