CVE-2024-6739
5.3MEDIUMThe session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Publicado: 7/15/2024Actualizado: 11/21/2024
Descripción
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Análisis IAImpulsado por IA
Productos Afectados
openfindmailaudit
openfindmailgates
Referencias
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory