exploitDog

CVE-2025-22493

Опубликовано: 05 мар. 2025

Источник: nvd

CVSS3: 5.6

EPSS Низкий

Описание

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.

Ссылки

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf

EPSS

Процентиль: 4%

0.00018

Низкий

5.6 Medium

CVSS3

Дефекты

CWE-319

Связанные уязвимости

GHSA-xg72-j456-mcj9

CVSS3: 5.6

github

11 месяцев назад

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.

EPSS

Процентиль: 4%

0.00018

Низкий

5.6 Medium

CVSS3

Дефекты

CWE-319