| タイトル | Exrick https://github.com/Exrick/xboot <=3.3.4 User's Sensitive Information is included in Cookies |
|---|
| 説明 | In the latest version (v3.3.4) of xboot, there are security flaws in the cookie design. Sensitive user information including uid, username, nickname, mobile, email, address, sex, avatar URL, and birthday are all stored in cookies. If these cookies are compromised, attackers can leverage this information to launch more sophisticated attacks such as brute force attacks, social engineering, and phishing. |
|---|
| ソース | ⚠️ https://github.com/Exrick/xboot/issues/69 |
|---|
| ユーザー | ZAST.AI (UID 87884) |
|---|
| 送信 | 2025年07月25日 03:24 (9 月 ago) |
|---|
| モデレーション | 2025年08月04日 08:51 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 318654 [Exrick xboot 迄 3.3.4 getMenuList 情報漏えい] |
|---|
| ポイント | 19 |
|---|