| Titel | Exrick https://github.com/Exrick/xboot <=3.3.4 User's Sensitive Information is included in Cookies |
|---|
| Beschreibung | In the latest version (v3.3.4) of xboot, there are security flaws in the cookie design. Sensitive user information including uid, username, nickname, mobile, email, address, sex, avatar URL, and birthday are all stored in cookies. If these cookies are compromised, attackers can leverage this information to launch more sophisticated attacks such as brute force attacks, social engineering, and phishing. |
|---|
| Quelle | ⚠️ https://github.com/Exrick/xboot/issues/69 |
|---|
| Benutzer | ZAST.AI (UID 87884) |
|---|
| Einreichung | 25.07.2025 03:24 (vor 9 Monaten) |
|---|
| Moderieren | 04.08.2025 08:51 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 318654 [Exrick xboot bis 3.3.4 getMenuList Information Disclosure] |
|---|
| Punkte | 19 |
|---|