PT-2019-15936 · Mfscripts · Mfscripts Yetishare

Publicado

2019-12-30

Atualizado

2020-01-07

CVE-2019-19736

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MFScripts YetiShare versions 3.5.2 through 4.5.3

Description The issue allows attackers to potentially obtain session cookies via cross-site scripting, as the HttpOnly flag is not set on session cookies. This can be exploited by scripts to read the cookie.

Recommendations For versions 3.5.2 through 4.5.3, consider setting the HttpOnly flag on session cookies to prevent them from being accessed by scripts. As a temporary workaround, restrict access to sensitive areas of the application that use session cookies to minimize the risk of exploitation.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2019-19736

Produtos afetados

Mfscripts Yetishare

PT-2019-15936 · Mfscripts · Mfscripts Yetishare

CVE-2019-19736

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3