Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover
Vulnerability Description
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Darwin Factor 代码问题漏洞
Vulnerability Description
Darwin Factor是美国Darwin公司的一个免费开源的下一代 TypeScript 框架。用于创建博客、登录页面和 JamStack 应用程序。 Darwin Factor 存在安全漏洞,该漏洞源于即使在用户注销应用程序后,也会不正确地使用户的会话无效。 此外,用户会话存储在浏览器的本地存储中,默认情况下没有过期时间。 这使得攻击者可以使用 XSS 攻击等技术窃取和重用 cookie,然后接管本地帐户。
CVSS Information
N/A
Vulnerability Type
N/A