2357 matches found
CVE-2022-25590
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application...
CVE-2022-25590
Affected software: SurveyKing v0.2.0. Vulnerability: after logout, the application retains session cookies, enabling an attacker to reuse browser cache data to access the system. Root cause / nature: session data persists post-logout, allowing unauthorized re-entry through cached credentials. Imp...
Survey King code issue vulnerability
Survey King is one of the most powerful, beautiful and easy-to-install open source survey questionnaire systems from the individual developers of Survey King in China. A security vulnerability exists in Survey King version 0.2.0, which originates from the retention of a user's session cookie afte...
PT-2022-17387 · Unknown · Surveyking
Name of the Vulnerable Software and Affected Versions: SurveyKing version 0.2.0 Description: The issue allows attackers to login to the system and access data using the browser cache when the user exits the application, due to the retention of users' session cookies after logout. Recommendations:...
CVE-2022-24742
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect...
CVE-2022-24742 Exposure of Sensitive Information Due to Incompatible Policies in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect...
CVE-2022-24744 Insufficient Session Expiration in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...
Open Redirect
djangospirit is vulnerable to open redirect. The vulnerability exists because the return URL parameter is not properly validated during login, logout, register, and resend-activation, which allows an attacker to pass malicious URLs to redirect the user...
Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect, which results in an open redirect. This also affects /user/logout, /user/register,...
GHSA-5P9J-W2WX-QX4C Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect, which results in an open redirect. This also affects /user/logout, /user/register,...
IBM MQ Appliance code issue vulnerability
IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. A code issue vulnerability exists in the IBM MQ Appliance, which stems from the IBM MQ appliance not invalidating a session after logging out, and could be exploited by an...
CVE-2021-38986
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942...
CVE-2021-38986
The CVE-2021-38986 issue affects IBM MQ Appliance 9.2 CD and 9.2 LTS, where sessions are not invalidated after logout, allowing an authenticated user to impersonate another user. Root cause is insufficient session expiration. IBM/IBM X-Force assign a base CVSS around medium (5.6). Remediation: up...
JetBrains TeamCity Code Issue Vulnerability (CNVD-2022-18623)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports. JetBrains TeamCity has a code issue vulnerability that stems from the product's...
IBM MQ Appliance code issue vulnerability
IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. A code issue vulnerability exists in the IBM MQ Appliance, which stems from the IBM MQ appliance not invalidating a session after logging out, and could be exploited by an...
CVE-2022-24332
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie...
Design/Logic Flaw
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie...