Description
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.
Vulnerable configurations
Configuration 1: versions from 3.5.2 (inclusive) to 4.5.3 (inclusive)
cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*
EPSS: 0.00177 (Low), percentile: 39%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.