CVE-2024-25977
Published May 29, 2024
Last updated 5 months ago
Overview
- Description
- The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
- Source
- 551230f0-3615-47bd-b7cc-93e92e730bbf
- NVD status
- Awaiting Analysis
Weaknesses
- 551230f0-3615-47bd-b7cc-93e92e730bbf
- CWE-384
Social media
- Hype score
- Not currently trending