4 matches found
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
CVE-2024-8149
There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2022-24762 Exposure of Sensitive Information to an Unauthorized Actor in sysend.js
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in...
PT-2022-16863
Name of the Vulnerable Software and Affected Versions sysend.js versions prior to 1.10.0 Description The issue affects users who use cross-origin communication, potentially allowing their communications to be intercepted. However, the impact is limited because the communication occurs within the...