2348 matches found
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID
A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn't clean up properly during logout when browser cookies are missing. As...
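The entry above describes two conditions combining on a shared browser: authentication-session identifiers that get reused, and a logout that does not remove server-side state when the request arrives without the browser cookie. The following is an added example, not Keycloak code: a deliberately simplified in-memory session store with a vulnerable policy (reuse the last issued ID when no cookie is present; identify the session to terminate only by the cookie) beside a hardened policy (always mint a fresh random ID; also honour the session ID carried in the ID token hint on logout). The store, its policies and the Alice/Bob scenario are constructed to make the failure mode visible.

```python
"""Minimal model of a session takeover through a reused
authentication-session ID on a shared browser.

Added example, not Keycloak code: the store, its two policies and the
scenario are constructed to contrast ID reuse plus a cookie-only logout
with the hardened behaviour.
"""
import secrets


class AuthSessionStore:
    """Server-side authentication sessions keyed by auth-session ID."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}        # auth_session_id -> authenticated user
        self.last_issued = None   # the vulnerable policy reuses this

    def begin_login(self, cookie_id=None):
        """Pick the auth-session ID for a login attempt.

        Vulnerable policy: with no cookie on the request, fall back to the
        ID that was last issued on this server. Hardened policy: every
        attempt gets a fresh 256-bit random ID, cookie or not."""
        if not self.hardened and cookie_id is None and self.last_issued:
            return self.last_issued
        sid = secrets.token_urlsafe(32)
        self.last_issued = sid
        return sid

    def complete_login(self, sid, user):
        """Bind the user to the session unless it is already owned, and
        return whoever the session now belongs to."""
        self.sessions.setdefault(sid, user)
        return self.sessions[sid]

    def logout(self, cookie_id=None, id_token_sid=None):
        """Terminate a session; return True if anything was removed.

        Vulnerable policy: only the cookie identifies the session, so a
        logout request that arrives without it removes nothing. Hardened
        policy: also honour the session ID carried in the id_token_hint
        (modelled here as id_token_sid), so the server-side state goes
        away even when the browser has dropped the cookie."""
        targets = [cookie_id, id_token_sid] if self.hardened else [cookie_id]
        return any(self.sessions.pop(t, None) is not None for t in targets if t)


def shared_browser_scenario(hardened):
    """Alice logs in and out on a shared browser; the browser loses its
    cookie; Bob logs in next. Returns the user Bob ends up as."""
    store = AuthSessionStore(hardened)
    alice_sid = store.begin_login()
    store.complete_login(alice_sid, "alice")
    # The logout reaches the server without the cookie (cleared, expired or
    # blocked), but with the session ID from Alice's ID token.
    store.logout(cookie_id=None, id_token_sid=alice_sid)
    bob_sid = store.begin_login(cookie_id=None)
    return store.complete_login(bob_sid, "bob")


if __name__ == "__main__":
    print("vulnerable policy, Bob is:", shared_browser_scenario(hardened=False))
    print("hardened policy, Bob is:  ", shared_browser_scenario(hardened=True))
```

With the vulnerable policy Bob's login attempt is handed Alice's still-live session and lands as Alice; with the hardened policy Alice's session is gone by the time Bob starts and he gets a fresh one. The two fixes are independent and both are needed: fresh IDs alone still leave Alice's orphaned session on the server, and cookie-less logout alone does not stop ID reuse on the next login.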
CVE-2025-41001
A stored Cross-Site Scripting (XSS) vulnerability exists in SOPlanning v1.53.02, caused by a lack of proper validation of user input sent in a POST request using the 'LOGOUTREDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote use...
CVE-2025-41001 Cross-Site Scripting (XSS) in SOPlanning
A stored Cross-Site Scripting (XSS) vulnerability exists in SOPlanning v1.53.02, caused by a lack of proper validation of user input sent in a POST request using the 'LOGOUTREDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote use...
EUVD-2025-44042
A stored Cross-Site Scripting (XSS) vulnerability exists in SOPlanning v1.53.02, caused by a lack of proper validation of user input sent in a POST request using the 'LOGOUTREDIRECT' parameter in '/soplanning/www/process/options.php'. This vulnerability could allow a remote use...
CVE-2025-41001
CVE-2025-41001: Stored XSS in SOPlanning 1.53.02 arises from insufficient validation of the LOGOUT_REDIRECT parameter in /soplanning/www/process/options.php. The issue can allow an attacker to inject crafted input that is persisted and later delivered to an authenticated user, enabling theft of c...
SOPlanning cross-site scripting vulnerability
SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning version 1.53.02, which stems from insufficient validation of user input for the parameter LOGOUTREDIRECT in the file /soplanning/www/process/options.php, whi...
PT-2025-45610
Name of the Vulnerable Software and Affected Versions SOPlanning version 1.53.02 Description A stored Cross-Site Scripting (XSS) issue exists in SOPlanning version 1.53.02. This is due to insufficient validation of user-supplied data. An attacker can exploit this by sending a POST request utilizing...
CVE-2025-12789
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL...
Red Hat Single Sign-On input validation error vulnerability
Red Hat Single Sign-On is an authentication and access control system from Red Hat USA. The tool is responsible for authentication and access control functions for systems that support most authentication protocols (OAuth, OpenID Connect, etc.), and can easily integrate with most products such as...
EUVD-2025-38190
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL...
CVE-2025-12789 Rhsso: open redirect
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL...
CVE-2025-12789
The CVE-2025-12789 issue affects Red Hat Single Sign-On and is an Open Redirect vulnerability during the logout process. The root cause is that the redirect_uri parameter used in the openid-connect logout flow is not properly validated, enabling potential redirection to a malicious URL. Documents...
CVE-2025-12789
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL. Mitigation Mitigation for this issue is either...
PT-2025-45393
Name of the Vulnerable Software and Affected Versions Red Hat Single Sign-On, affected versions not specified Description An Open Redirect issue exists in Red Hat Single Sign-On during the logout process. The redirect_uri parameter within the openid-connect logout protocol does not properly valida...
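The Red Hat Single Sign-On entries above (CVE-2025-12789) and the SOPlanning entries further up (CVE-2025-41001) share a root cause: a logout redirect target taken from a request parameter that is not validated before it is either followed or stored and rendered. The following is an added example, not code from Red Hat Single Sign-On, Keycloak or SOPlanning, showing the check a practitioner would want on that parameter: normalize the candidate, match it against an explicit allow-list of registered URIs, fall back to a fixed default otherwise, and HTML-escape the value when it is written into a page. The registered URIs, the wildcard convention (a trailing "*" means any path under that prefix on exactly that scheme and host) and the sample inputs are constructed for illustration.

```python
"""Allow-list validation for a post-logout redirect target, with the
validated value escaped when it is written back into HTML.

Added example, not Red Hat SSO, Keycloak or SOPlanning code: the
registered URIs, the wildcard convention and the sample inputs are
constructed for illustration.
"""
from html import escape
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list an operator would register per client.
REGISTERED_LOGOUT_URIS = [
    "https://app.example.com/logged-out",
    "https://portal.example.com/*",
]

_DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_url(url):
    """Return a canonical absolute http(s) URL, or None for anything a
    browser could interpret differently from a naive string comparison:
    relative or scheme-relative URLs, javascript:/data: schemes, embedded
    credentials, backslashes, whitespace and control characters, and
    unparsable ports."""
    if not isinstance(url, str) or any(c in url for c in "\\\r\n\t\0 "):
        return None
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in _DEFAULT_PORTS:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname          # already lower-cased by urlsplit
    if not host:
        return None
    try:
        port = parts.port
    except ValueError:
        return None
    netloc = host
    if port is not None and port != _DEFAULT_PORTS[scheme]:
        netloc = f"{host}:{port}"
    # The fragment never reaches the server, so it is dropped.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def _matches(candidate, registered):
    """candidate is already normalized; registered may end in '*'."""
    if registered.endswith("*"):
        base = normalize_url(registered[:-1])
        if base is None:
            return False
        b, c = urlsplit(base), urlsplit(candidate)
        return (b.scheme, b.netloc) == (c.scheme, c.netloc) and c.path.startswith(b.path)
    return candidate == normalize_url(registered)


def validate_post_logout_redirect(candidate, registered=REGISTERED_LOGOUT_URIS):
    """Return the normalized redirect target if it matches a registered
    URI, otherwise None (the caller must then use a fixed default)."""
    normalized = normalize_url(candidate)
    if normalized is None:
        return None
    return normalized if any(_matches(normalized, r) for r in registered) else None


def render_logout_link(candidate, registered=REGISTERED_LOGOUT_URIS, fallback="/"):
    """Emit the continue link on the logged-out page. The value is validated
    before use and HTML-escaped on output, so a stored or reflected value
    such as '"><script>...' neither redirects nor breaks out of the attribute."""
    target = validate_post_logout_redirect(candidate, registered) or fallback
    return f'<a href="{escape(target, quote=True)}">Continue</a>'


if __name__ == "__main__":
    for sample in ("https://app.example.com/logged-out",
                   "//evil.example/",
                   "https://app.example.com@evil.example/logged-out",
                   "https://app.example.com.evil.example/logged-out"):
        print(sample, "->", validate_post_logout_redirect(sample))
```

Two design points matter here. Matching is done on a normalized form, not on the raw string, so case differences, an explicit default port or a trailing fragment do not break a legitimate target while credential tricks (`user@host`), look-alike hosts and scheme-relative URLs are rejected. And the wildcard is deliberately restricted to the path: allowing `*` in the host part is the classic way a "validated" redirect_uri turns back into an open redirect.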
WordPress Inactive Logout plugin cross-site scripting vulnerability
WordPress Inactive Logout plugin is a WordPress security plugin for automatically terminating inactive user sessions to prevent unauthorized access. The WordPress Inactive Logout plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...
WordPress Inactive Logout plugin <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Inactive Logout versions <= 3.5.5...
Proofpoint Insider Threat Management Server security vulnerability
Proofpoint Insider Threat Management Server is a server-side application from U.S.-based Proofpoint, Inc. that is used to prevent malicious operations by enterprise insiders. A security vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.17.2, which originates...