Name of the Vulnerable Software and Affected Versions: Passbolt (affected versions not specified)

Description: The issue concerns the /auth/verify.json endpoint, which returns a JSON containing the cookies sent in the request. This could allow an attacker who exploits an XSS vulnerability to retrieve the session cookies of a legitimate user, effectively granting them access to sensitive information without requiring user interaction. The impact of this issue is considered low, but it requires the exploitation of an XSS vulnerability that has yet to be found.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.