2352 matches found
PT-2024-33274 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2; Umbraco versions 10.x prior to 10.8.7; Umbraco versions 8.x prior to 8.18.15. Description: The issue is related to insufficient session expiration, where the Backoffice displays the logout page with a sessi...
CVE-2024-46326
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function...
PT-2024-31956 · Public Knowledge · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: Public Knowledge Project pkp-lib versions 3.4.0-7 and earlier. Description: The issue is related to an Open redirect vulnerability due to a lack of input sanitization in the logout function. Recommendations: For Public Knowledge Project pkp-li...
PKP Web Application Library Input Validation Error Vulnerability
PKP Web Application Library is a PKP open source library shared by Open Journal System (OJS), Open Conference System (OCS), Open Monograph Press (OMP), Open Preprint System (OPS) and Open Harvester System (OHS). A security vulnerability exists in PKP Web Application Library 3.4.0-7 and earlier versions,...
CVE-2024-45462 Apache CloudStack: Incomplete session invalidation on web interface logout
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged out...
PT-2024-31653 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3; Apache CloudStack versions 4.19.0.0 through 4.19.1.1. Description: The logout operation in the CloudStack web interface does not expire the user session completely, which remains valid until...
PT-2024-37046 · Unknown · Password Pusher
Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior. Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...
scsi: qla2xxx: During vport delete send async logout explicitly
...
CVE-2024-8477
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init function. This makes it possible fo...
CVE-2024-9421
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-9421 Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Login Logout Shortcode plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability discovered by theviper17y in WordPress Plugin Login Logout Shortcode versions <= 1.1.0...
WordPress Login Logout Shortcode Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Login Logout Shortcode; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9421; Patch priority: Low; CVSS severity: Low (6.5); PSID: ffc1bb236d2a; Credits: theviper17y; Require...
CVE-2023-52947
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logo...
CVE-2023-52947
CVE-2023-52947 affects Synology Active Backup for Business Agent prior to 2.6.3-3101, where a missing authentication in the logout function allows local users to log out the client via unspecified vectors. The backup process remains operational. Remediation: upgrade to 2.6.3-3101 or later. No exp...