CVE-2024-25977 in HAWKI
Sumário
de MITRE • 29/05/2024
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
If you want to get best quality of vulnerability data, you may have to visit VulDB.