*Improper cache control-*

The improper cache control vulnerability refers to a security flaw that
arises when a web application does not properly manage or control caching
mechanisms. Caching is an essential technique used to improve performance
by storing frequently accessed data in temporary storage, such as the
client's browser or intermediate proxy servers. However, when caching is
not adequately controlled, sensitive or private information may be
inadvertently stored and exposed to unauthorized users.

*Steps to reproduce-*

1) Go To site settings
2) Do logout
3) click back you can see sensitive info

*Impact-*

Exploiting the improper cache control vulnerability can have serious
consequences, including the following: a. Information Disclosure: Sensitive
user data, such as personal information, authentication tokens, or
confidential documents, may be cached on intermediate systems or the
client's browser. This can lead to unauthorized access, data leakage, or
identity theft.

Cache Poisoning: Attackers can manipulate the cached data to serve
malicious content to unsuspecting users, leading to various attacks, such
as cross-site scripting (XSS), drive-by downloads, or injection attacks.


---
Packet Storm note:

2025/10/13: 

We were indeed missing a cache header for the page in question.  There wasn't a mechanism to commit cache poisoning or xss, but as shared computing is a thing, we addressed it so local caches did not persist post logout.  We would like to extend our thanks to Shivang Singhal for reporting the issue.