MFScripts YetiShare 3.5.2 up to and including 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by malicious users to obtain the cookie via cross-site scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mfscripts yetishare |