5.9

CVE-2025-8528

Exploit

Exrick xboot getMenuList sensitive information in a cookie

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ExrickXboot Version <= 3.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.199
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 2.9 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-315 Cleartext Storage of Sensitive Information in a Cookie

The product stores sensitive information in cleartext in a cookie.

https://github.com/Exrick/xboot/issues/69
Exploit
Issue Tracking
https://github.com/Exrick/xboot/issues/69#issue-3252177305
Exploit
Issue Tracking
https://vuldb.com/?ctiid.318654
VDB Entry
Permissions Required
https://vuldb.com/?id.318654
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.622175
Third Party Advisory
VDB Entry