Description
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.
Vulnerable configurations
Configuration 1: versions from 3.5.2 (inclusive) to 4.5.3 (inclusive)
cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*
EPSS: 0.00275 (percentile: 51%), Low
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-732
Related vulnerabilities
GitHub
more than 3 years ago
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.