CVE-2024-6739
5.3MEDIUMThe session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Publicado: 7/15/2024Atualizado: 11/21/2024
Descrição
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Análise IADesenvolvido por IA
Produtos Afetados
openfindmailaudit
openfindmailgates
Referências
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfExploit
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.htmlThird Party Advisory