The Mobility Pack prior to 1.2 in Novell Data Synchronizer 1.x up to and including 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
novell mobility pack 1.0 |
||
novell mobility pack |
||
novell data synchronizer 1.1.0 |
||
novell data synchronizer 1.1.2 |
||
novell mobility pack 1.1.1 |
||
novell data synchronizer 1.0.0 |
||
novell data synchronizer 1.1.1 |
||
novell mobility pack 1.1 |
Vulmon