CVE-2024-6739
5.3MEDIUMThe session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Published: 7/15/2024Updated: 11/21/2024
Description
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
AI AnalysisPowered by AI
Affected Products
openfindmailaudit
openfindmailgates
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory