Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-12467 | Session Fixation vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | 6.5 |
| 2020-04-27 | CVE-2020-1762 | Session Fixation vulnerability in multiple products An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration. | 8.6 |
| 2020-04-24 | CVE-2020-6824 | Session Fixation vulnerability in Mozilla Firefox Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. | 2.8 |
| 2020-04-15 | CVE-2020-11729 | Session Fixation vulnerability in multiple products An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | 9.8 |
| 2020-04-15 | CVE-2020-11728 | Session Fixation vulnerability in multiple products An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | 7.5 |
| 2020-04-08 | CVE-2020-8826 | Session Fixation vulnerability in Argoproj Argo CD As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | 7.5 |
| 2020-04-08 | CVE-2020-4291 | Session Fixation vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | 4.3 |
| 2020-04-08 | CVE-2020-5550 | Session Fixation vulnerability in Plathome products Session fixation vulnerability in EasyBlocks IPv6 Ver. | 8.1 |
| 2020-04-01 | CVE-2020-5290 | Session Fixation vulnerability in Ctfd Rctf In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. | 6.5 |
| 2020-03-16 | CVE-2019-19610 | Session Fixation vulnerability in Halvotec Raquest 10.23.10801.0 An issue was discovered in Halvotec RaQuest 10.23.10801.0. | 5.4 |