2357 matches found

NVD
added 2022/08/23 7:15 p.m. · 8 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS 6.1 · EPSS 0.48128
Exploits 0 · References 1

ATTACKERKB
added 2022/08/23 7:15 p.m. · 1 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS 6.1 · AI score 5.8 · EPSS 0.48128
Exploits 0 · References 3

OSV
added 2022/08/23 7:15 p.m. · 2 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1

Prion
added 2022/08/23 7:15 p.m. · 13 views

Cross site scripting

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS 5.8 · AI score 6 · EPSS 0.48128
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/08/23 6:7 p.m. · 92 views

CVE-2022-38463

ServiceNow CVE-2022-38463 affects ServiceNow through San Diego Patch 4b and Patch 6, with a reflected XSS in the logout functionality. An unauthenticated (per Nuclei description) or user-interaction-requiring (NVD) attacker can cause arbitrary JavaScript execution in the victim’s browser, potenti...

CVSS 6.1 · AI score 5.9 · EPSS 0.48128
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/08/23 6:7 p.m. · 14 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

AI score 6.2 · EPSS 0.48128
Exploits 0 · References 1

Positive Technologies
added 2022/08/23 12:0 a.m. · 4 views

PT-2022-24418 · Servicenow · Servicenow

Name of the Vulnerable Software and Affected Versions: ServiceNow versions through San Diego Patch 4b and Patch 6
Description: The issue allows reflected XSS in the logout functionality. This can potentially be exploited by attackers to execute malicious scripts on user systems.
Recommendations:...

CVSS 6.1 · AI score 6.1 · EPSS 0.48128
Exploits 0 · References 5

CNNVD
added 2022/08/23 12:0 a.m. · 1 views

ServiceNow San Diego Patch cross-site scripting vulnerability

ServiceNow San Diego Patch is a series of patches from ServiceNow USA. A cross-site scripting vulnerability exists in ServiceNow San Diego Patch 4b and Patch 6 and prior versions, which stems from allowing XSS in the logout function...

CVSS 6.1 · AI score 5 · EPSS 0.48128
Exploits 0 · References 2

OSV
added 2022/08/22 3:15 p.m. · 30 views

CVE-2021-3639

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · AI score 6 · EPSS 0.00503
Exploits 0 · References 3

NVD
added 2022/08/22 3:15 p.m. · 11 views

CVE-2021-3639

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · EPSS 0.00503
Exploits 0 · References 3

OSV
added 2022/08/22 3:15 p.m. · 1 views

DEBIAN-CVE-2021-3639

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · AI score 5.9 · EPSS 0.00503
Exploits 0 · References 1

OSV
added 2022/08/22 3:15 p.m. · 1 views

AZL-10651 CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · AI score 5.7 · EPSS 0.00503
Exploits 0 · References 1

OSV
added 2022/08/22 3:15 p.m. · 1 views

AZL-36962 CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · AI score 5.7 · EPSS 0.00503
Exploits 0 · References 1

Prion
added 2022/08/22 3:15 p.m. · 16 views

Design/Logic Flaw

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 5.8 · AI score 6 · EPSS 0.00503
Exploits 0 · References 3 · Affected Software 1

Debian CVE
added 2022/08/22 2:49 p.m. · 29 views

CVE-2021-3639

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1 · AI score 6 · EPSS 0.00503
Exploits 0

ATTACKERKB
added 2022/08/19 2:15 p.m. · 0 views

CVE-2022-34624

Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request...

CVSS 5.9 · AI score 5.9 · EPSS 0.00285
Exploits 0 · References 4

Positive Technologies
added 2022/08/19 12:0 a.m. · 3 views

PT-2022-22252 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3
Description: The issue allows attackers to perform a man-in-the-middle attack via a crafted GET request, as download tokens are not terminated after a user logs out.
Recommendations: For Mealie version 1.0.0beta3, as...

CVSS 9.8 · AI score 5.6 · EPSS 0.0064
Exploits 0 · References 6

CNNVD
added 2022/08/19 12:0 a.m. · 3 views

Mealie code issue vulnerability

Mealie is a self-hosted recipe manager and meal planner from an individual developer in Hayden, USA. A security vulnerability exists in Mealie version 1.0.0beta3, which stems from the fact that it does not terminate download tokens after a user logs out leading to an attacker being able to perfor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00388
Exploits 0 · References 4

CNNVD
added 2022/08/12 12:0 a.m. · 2 views

Fortinet multiple products code issue vulnerability

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy is Fortinet FortiSwitchManager is a network switch management tool designed to help organizations manage their...

CVSS 8.8 · AI score 5.8 · EPSS 0.00213
Exploits 0 · References 3

NVD
added 2022/08/04 6:15 p.m. · 14 views

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...

CVSS 9.8 · EPSS 0.0068
Exploits 0 · References 1