Security Advisory

CVE-2024-25977

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-29 12:31:29

Last updated 2025-02-13 17:40:58

Assigner SEC-VLab

State PUBLISHED

Description

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victims browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victims account being taken over.

← Browse all CVEs View on cve.org ↗