All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-1836
MEDIUMpublished 2026-06-12 14:16 UTC · 13 days ago · modified 2026-06-12 16:00 UTC
5.3
CVSS / 10
// description
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.
// cvss 4.0 vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
// weaknesses (CWE)
- CWE-257