216.73.217.64

CVE-2024-25977

· Published 29/05/2024 13:15 · Modified 29/05/2024 15:18

Labels: CVE-2024-25977 2024-05-29551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2024-25977CWE-384

Essential information

Published
29/05/2024 13:15
Modified
29/05/2024 15:18
Author
Creator
CISA KEV
No
CWE

Description

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

References