CVE-2024-25977 in HAWKI
Сводка
по MITRE • 29.05.2024
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
If you want to get best quality of vulnerability data, you may have to visit VulDB.