SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.
References
Link | Resource |
---|---|
http://surveyking.com | Product |
https://github.com/javahuang/SurveyKing | Product Third Party Advisory |
https://github.com/javahuang/SurveyKing/issues/7 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-25T18:50:11
Updated: 2022-03-25T18:50:11
Reserved: 2022-02-21T00:00:00
Link: CVE-2022-25590
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-25T19:15:10.637
Modified: 2022-03-31T14:12:34.637
Link: CVE-2022-25590
JSON object: View
Redhat Information
No data.
CWE