silverstripe framework authorization issue vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.10 and earlier versions, which stems from the fact that the Silverstripe ID does not expire upon logout...
CVE-2022-24444: Hybridsessions does not expire session id on logout
More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...
CVE-2022-22318
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2022-22317
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281...
Code injection
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
IBM Curam Social Program Management code issue vulnerability
IBM Curam Social Program Management is a business and technology solution from IBM that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. A code issue vulnerability exists in versions 8.0.0 and...
IBM Curam Social Program Management code issue vulnerability
IBM Curam Social Program Management is an IBM business and technology solution that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. The vulnerability stems from the failure of the program to...
CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
Design/Logic Flaw
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
Samsung Account security vulnerability
Samsung Account is a comprehensive free membership to Samsung services for Samsung mobile devices that can be used on smartphones, tablets, websites, TVs and other devices. An information disclosure vulnerability exists in versions prior to Samsung Account 13.2.00.6, which stems from the exposure ...
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page...
GHSA-MQHW-WQ8P-VF5R MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page...
Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature...
GHSA-27FW-R78J-H898 Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature...
Session tokens are not invalidated on logout
Description: The session cookie is not invalidated on logout, so it can be used after logout as well. Proof of Concept: Log in to the Nakama console. Intercept the request. Below is a sample request:
GET /v2/console/user HTTP/1.1
Host: localhost:7351
Accept: application/json, text/plain, /...