Description
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Vulnerable configurations
Configuration 1: Version up to 6.6.1 (inclusive)
cpe:2.3:a:jahia:jahia_xcm:*:*:*:*:*:*:*:*
EPSS
Percentile: 48%
0.0025
Low
5 Medium
CVSS2
Weaknesses
CWE-200
Related vulnerabilities
github
more than 3 years ago
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
EPSS
Percentile: 48%
0.0025
Low
5 Medium
CVSS2
Weaknesses
CWE-200