CVE-2024-6739
5.3 MEDIUM
Published: 7/15/2024
Updated: 11/21/2024
Description
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Affected products
openfind mailaudit
openfind mailgates
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf (Exploit)
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html (Third Party Advisory)
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html (Third Party Advisory)