| Title | Exrick https://github.com/Exrick/xboot <=3.3.4 User's Sensitive Information is included in Cookies |
|---|---|
| Description | In the latest version (v3.3.4) of xboot, there are security flaws in the cookie design. Sensitive user information including uid, username, nickname, mobile, email, address, sex, avatar URL, and birthday is all stored in cookies. If these cookies are compromised, attackers can leverage this information to launch more sophisticated attacks such as brute force attacks, social engineering, and phishing. |
| Source | ⚠️ https://github.com/Exrick/xboot/issues/69 |
| User | ZAST.AI (UID 87884) |
| Submitted | 2025-07-25 03:24 (9 months ago) |
| Moderated | 2025-08-04 08:51 (10 days later) |
| Status | Accepted |
| VulDB Entry | 318654 [Exrick xboot up to 3.3.4 getMenuList information disclosure] |
| Points | 19 |