CVE-2019-19736
MEDIUMMFScripts YetiShare 3.5.2-4.5.3 - Session Cookie HttpOnly Flag Missing
Title source: llmDescription
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459
Scores
CVSS v3
6.1
EPSS
0.0061
EPSS Percentile
44.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-732
Status
published
Products (1)
mfscripts/yetishare
3.5.2 - 4.5.3
Published
Dec 30, 2019
Tracked Since
Feb 18, 2026