PT-2019-15936 · Mfscripts · Mfscripts Yetishare

Published

2019-12-30

Updated

2020-01-07

CVE-2019-19736

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MFScripts YetiShare versions 3.5.2 through 4.5.3

Description The issue allows attackers to potentially obtain session cookies via cross-site scripting, as the HttpOnly flag is not set on session cookies. This can be exploited by scripts to read the cookie.

Recommendations For versions 3.5.2 through 4.5.3, consider setting the HttpOnly flag on session cookies to prevent them from being accessed by scripts. As a temporary workaround, restrict access to sensitive areas of the application that use session cookies to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-19736

Affected Products

Mfscripts Yetishare

PT-2019-15936 · Mfscripts · Mfscripts Yetishare

CVE-2019-19736

Weakness Enumeration

Related Identifiers

Affected Products

References · 3