2357 matches found
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious URL via the Logout function...
EyouCms Input Validation Error Vulnerability
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. An attacker can exploit this vulnerability to redirect users to malicious URLs via the logout feature...
Cross-Site Request Forgery (CSRF) in forkcms/forkcms
✍️ Description Attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that you were unintentionally logged out. // POC.html `history.pushState('', '', '/'); document.forms[0].submit();` 💥 Impact This...
CVE-2021-35342
The useradm service 1.14.0 in Northern.tech Mender Enterprise 2.7.x before 2.7.1 and 1.13.0 in Northern.tech Mender Enterprise 2.6.x before 2.6.1 allows users to access the system with their JWT token after logout, because of missing invalidation if the JWT verification cache is enabled...
CVE-2021-35342
The CVE-2021-35342 issue affects the useradm service in Northern.tech Mender Enterprise: version 1.14.0 (2.7.x line before 2.7.1) and 1.13.0 (2.6.x before 2.6.1) allow an authenticated user to continue accessing the system after logout when the JWT verification cache is enabled, due to missing in...
useradm Code Issue Vulnerability
useradm is a microservice used to manage user data and authentication in the Mender ecosystem. A security vulnerability exists in useradm that stems from service credentials not being invalidated, allowing users to access the system with their JWT token after logging out. The following products a...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that you were unintentionally logged out. `history.pushState('', '', '/'); document.forms[0].submit();` 💥 Impact This vulnerability is...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in jetty-server: if an exception is thrown from the SessionListener.sessionDestroyed method, the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
CVE-2021-38554
A flaw was found in the vault package. The Vault UI web application may fail to completely clear a client-side data cache on user logout. As a result, an authenticated user sharing a browser to access Vault may have been able to view the previous authenticated user’s cached secrets, even if they...
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
PYSEC-2021-341
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
Improper access control
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
CVE-2020-18701
CVE-2020-18701 affects Lin-CMS-Flask v0.1.1, where incorrect access control fails to invalidate a user’s authentication token on logout, enabling replay of packets to obtain sensitive information and/or gain privileges. Affected component is the authentication/session handling in Lin-CMS-Flask (v...
TaleLin Lin-CMS-Flask Access Control Error Vulnerability
TaleLin Lin-CMS-Flask is a content management system framework. An access control error vulnerability exists in TaleLin Lin-CMS-Flask, stemming from incorrect access control in Lin-CMS-Flask v0.1.1, which could be exploited by an attacker to obtain sensitive information and/or because the...
Debian: Security Advisory (DSA-4952-1)
The remote host is missing an update for Debian announced via DSA-4952-1. Copyright 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. License: GPL-2.0-only...
[SECURITY] [DSA 4952-1] tomcat9 security update
Debian Security Advisory DSA-4952-1, [email protected], https://www.debian.org/security/ Moritz Muehlenhoff, August 09, 2021, https://www.debian.org/security/faq ...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that you were unintentionally logged out. `history.pushState('', '', '/'); document.forms[0].submit();` 💥 Impact This vulnerability...