PT-2011-3694 · Novell · Novell Data Synchronizer

Published

2011-08-09

Updated

2015-10-29

CVE-2011-2224

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Novell Data Synchronizer versions 1.x through 1.1.2 build 428

Description The issue makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors, due to the lack of the HTTPOnly flag in a Set-Cookie header.

Recommendations For Novell Data Synchronizer versions 1.x through 1.1.2 build 428, consider updating to a version that includes the HTTPOnly flag in the Set-Cookie header to prevent cross-site scripting attacks.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2011-2224

Affected Products

Novell Data Synchronizer

PT-2011-3694 · Novell · Novell Data Synchronizer

CVE-2011-2224

Weakness Enumeration

Related Identifiers

Affected Products

References · 4