CVE-2024-8644

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.

high 7.5 CVSS 3.1
Published: Sep 27, 2024
Modified: Jun 2, 2026
Vendor: Oceanicsoft
Product: Valeapp

Description

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).

This issue affects ValeApp: before v2.0.0.

References

Related CVEs

CVE-2024-8643 critical · 9.8
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
CVE-2024-8607 critical · 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: be
CVE-2024-8608 medium · 5.4
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp
CVE-2024-8609 high · 7.5
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.