exploitDog

GHSA-499f-rpfh-94vx

Опубликовано: 16 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

Ссылки

EPSS

Процентиль: 15%

0.00048

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-1004

Связанные уязвимости

CVE-2026-0696

CVSS3: 6.5

nvd

23 дня назад

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

EPSS

Процентиль: 15%

0.00048

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-1004