We found results for “”
CVE-2015-1411
Good to know:
Date: January 20, 2015
There is an Information Disclosure And Session Hijacking vulnerability in Ghost before version 0.5.9 that uses browser localStorage to store the Bearer token in an unsecured state. Theft of the Bearer token permits session hijacking.
Language: JS
Severity Score
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |