Description
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45527
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=7009058
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49069
Scores
EPSS
0.0054
EPSS Percentile
68.0%
Details
CWE
CWE-79
Status
published
Products (8)
novell/data_synchronizer
1.0.0
novell/data_synchronizer
1.1.0
novell/data_synchronizer
1.1.1
novell/data_synchronizer
1.1.2
novell/mobility_pack
1.0
novell/mobility_pack
1.1
novell/mobility_pack
1.1.1
novell/mobility_pack
< 1.1.2
Published
Aug 09, 2011
Tracked Since
Feb 18, 2026