CVE-2013-4724

Name of the Vulnerable Software and Affected Versions DDSN Interactive cm3 Acora CMS versions 5.5.0/1b-p1 through 6.0.6/1a

Description The issue allows remote attackers to obtain potentially sensitive information via script access to an unspecified cookie, as the HTTPOnly flag is not included in the Set-Cookie header.

Recommendations For versions 5.5.0/1b-p1 through 6.0.6/1a, consider configuring the Set-Cookie header to include the HTTPOnly flag for the affected cookie to prevent script access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.