CVE-2021-46900

Name of the Vulnerable Software and Affected Versions Sympa versions prior to 6.2.62

Description The issue relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

Recommendations For versions prior to 6.2.62, update to version 6.2.62 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against XSS attacks and ensure the security of stored passwords.