CVE-2019-19736

Published: 2019-12-30T17:15Z

Last Modified: 2024-11-21T04:35Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt