CVE-2024-6739
5.3 MEDIUM
Published: 7/15/2024
Updated: 11/21/2024
Description
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Affected Products
- openfind mailaudit
- openfind mailgates
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf (Exploit)
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html (Third Party Advisory)
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html (Third Party Advisory)