The UI Performs the Wrong Action in robotichead/nearbeach


Reported on

Oct 16th 2021


Sensitive data in the application can be exposed after the user logs out

Proof of Concept

1. Log in to the application ( )

2. Go to a page such as My Account, or any other page

3. Click logout

4. Click the browser back button


When a user logs out without closing the browser someone can view the information inside by clicking the back button on the browser.


Not sure about the exact file and line of occurrence.

Add this code to resolve this issue:

addHeader("Cache-Control", "no-cache, no-store, must-revalidate");

We have contacted a member of the robotichead/nearbeach team and are waiting to hear back 2 years ago
robotichead validated this vulnerability 2 years ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
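The header fix suggested in the report, shown as an added example that is not code from the report or from the nearbeach project: a standard-library WSGI middleware that applies the report's Cache-Control value to every response served to a request carrying a session cookie. The cookie name `sessionid`, the `account_page` view and the helper names are assumptions made for the illustration.

```python
from wsgiref.util import setup_testing_defaults

NO_STORE = "no-cache, no-store, must-revalidate"  # header value from the report


class NoStoreForAuthenticated:
    """Force the no-store policy on responses to requests with a session cookie."""

    def __init__(self, app, session_cookie="sessionid"):  # cookie name is assumed
        self.app = app
        self.session_cookie = session_cookie

    def _has_session(self, environ):
        cookies = environ.get("HTTP_COOKIE", "")
        names = [c.split("=", 1)[0].strip() for c in cookies.split(";") if c.strip()]
        return self.session_cookie in names

    def __call__(self, environ, start_response):
        if not self._has_session(environ):
            return self.app(environ, start_response)

        def patched(status, headers, exc_info=None):
            # Drop any cache policy the view set, then apply the strict one.
            headers = [(k, v) for k, v in headers if k.lower() != "cache-control"]
            headers.append(("Cache-Control", NO_STORE))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched)


def account_page(environ, start_response):
    # Constructed stand-in for a page such as "My Account".
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "max-age=3600")])
    return [b"<h1>My Account</h1>"]


def fetch_headers(app, cookie=None):
    """Call a WSGI app once and return its response headers as a lowercase dict."""
    environ = {}
    setup_testing_defaults(environ)
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app(environ, start_response))
    return captured
```

Calling `fetch_headers(NoStoreForAuthenticated(account_page), cookie="sessionid=abc123")` shows the view's `max-age=3600` replaced by the strict policy, while a request without the session cookie keeps the view's own header.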
2 years ago



We have tried to re-replicate this issue, however we cannot anymore. Can you please confirm that you cannot re-replicate this issue?

Thank you

Regards, Robotichead

2 years ago


Issue is fixed

Thank you. Regards, Asura-n

robotichead marked this as fixed with commit 157f7c 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE has been validated