High severity7.3OSV Advisory· Published May 29, 2024· Updated Apr 15, 2026
CVE-2024-25977
CVE-2024-25977
Description
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 1.0.0-beta.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.