CVE-2022-25590

Medium

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data…

mitre·CWE-613·Published 2022-03-25

CVSS

6.5

EPSS

0.02

KEV

Exploits

cve.orgen

198 chars

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

NVDen

198 chars

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

Se ha detectado que SurveyKing versión v0.2.0, retiene las cookies de sesión de los usuarios después de cerrar la sesión, lo que permite a atacantes entrar en el sistema y acceder a los datos usando la caché del navegador cuando el usuario sale de la aplicación

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N