CVE-2022-25590 Information

Description

SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout allowing attackers to login to the system and access data using the browser cache when the user exits the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://github.com/javahuang/SurveyKing/issues/7 http://surveyking.com https://github.com/javahuang/SurveyKing

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5