CVE-2023-26260

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.

Related Vulnerabilities

CVE-2014-125048

MEDIUM
CVSS:5.4(Medium)

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session ...

CWE-3842014

CVE-2017-2145

MEDIUM
CVSS:5.4(Medium)

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

CWE-3842017

CVE-2018-1000409

MEDIUM
CVSS:5.4(Medium)

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalida...

CWE-3842018

CVE-2018-13337

MEDIUM
CVSS:5.4(Medium)

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

CWE-3842018

CVE-2018-18380

MEDIUM
CVSS:5.4(Medium)

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The ...

CWE-3842018

CVE-2019-10158

MEDIUM
CVSS:5.4(Medium)

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

CWE-3842019