Security Advisory

CVE-2019-19736

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-30 17:00:12

Last updated 2024-08-05 02:25:12

Assigner mitre

State PUBLISHED

Description

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.

← Browse all CVEs View on cve.org ↗