Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WorkforceROI Xpede重验证明文密码泄露漏洞
Vulnerability Description
Intellisol Xpede是一款基于浏览器结合使用的时间和费用,项目成本管理的金融相关系统,运行在Microsoft Windows操作系统下。 Intellisol Xpede由于在超时重新验证上处理存在漏洞,可导致密码信息以明文方式泄露。 如果用户的浏览器设置为'Remember my password'功能的话,当对超时会话进行重新验证的时候,通过浏览javascript脚本源代码就可以获得用户的明文密码。如果系统是多用户系统的话,就可以导致密码被其他用户获得。
CVSS Information
N/A
Vulnerability Type
N/A