Security Advisory

CVE-2019-14849

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-12 13:14:53

Last updated 2024-08-05 00:26:39

Assigner redhat

State PUBLISHED

Description

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

← Browse all CVEs View on cve.org ↗