
exploitDog

CVE-2019-14849

Published: 12 Dec. 2019
Source: nvd
CVSS3: 4.6
CVSS3: 5.4
CVSS2: 3.5
EPSS: Low

Description

A vulnerability was found in 3scale before version 2.6: the HTTPOnly attribute was not set on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information.

Vulnerable configurations

Configuration 1
cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
Versions before 2.6 (excluding)

EPSS

0.00374, percentile: 59%, Low

CVSS3: 4.6 Medium
CVSS3: 5.4 Medium
CVSS2: 3.5 Low

Weaknesses

CWE-201
CWE-79

Related vulnerabilities

CVSS3: 4.6
redhat
about 6 years ago

A vulnerability was found in 3scale before version 2.6: the HTTPOnly attribute was not set on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information.

CVSS3: 5.4
github
more than 3 years ago

A vulnerability was found in 3scale before version 2.6: the HTTPOnly attribute was not set on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information.
