| Title | Exrick https://github.com/Exrick/xboot <=3.3.4 User's Sensitive Information is included in Cookies |
|---|
| Description | In the latest version (v3.3.4) of xboot, there are security flaws in the cookie design. Sensitive user information including uid, username, nickname, mobile, email, address, sex, avatar URL, and birthday are all stored in cookies. If these cookies are compromised, attackers can leverage this information to launch more sophisticated attacks such as brute force attacks, social engineering, and phishing. |
|---|
| Source | ⚠️ https://github.com/Exrick/xboot/issues/69 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/25/2025 03:24 (9 months ago) |
|---|
| Moderation | 08/04/2025 08:51 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318654 [Exrick xboot up to 3.3.4 getMenuList cleartext storage in cookie] |
|---|
| Points | 19 |
|---|