4 matches found

RedHat Linux
added 2025/11/25 4:6 p.m., 3 views

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

CVSS: 6 | AI score: 5.7 | EPSS: 0.00128
Exploits: 0 | References: 5
OSV
added 2024/10/04 6:15 p.m., 3 views

CVE-2024-8149

There is a reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low-privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

CVSS: 4.6 | AI score: 6.1 | EPSS: 0.00392
Exploits: 0 | References: 1
OSV
added 2022/03/14 10:50 p.m., 33 views

CVE-2022-24762 Exposure of Sensitive Information to an Unauthorized Actor in sysend.js

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00673
Exploits: 1 | References: 6
Positive Technologies
added 2022/03/14 12:0 a.m., 6 views

PT-2022-16863

Name of the Vulnerable Software and Affected Versions: sysend.js versions prior to 1.10.0. Description: The issue affects users who use cross-origin communication, potentially allowing their communications to be intercepted. However, the impact is limited because the communication occurs within the...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00673
Exploits: 1 | References: 11