A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14849 | Issue Tracking Vendor Advisory |
Configurations
History
12 Feb 2023, 23:35
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. | |
CWE | CWE-201 | |
References |
|
02 Feb 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found where 3scale did not set the HTTPOnly attribute on the user session cookie. An attacker could abuse this flaw to conduct Cross-site Scripting attacks and gain access to unauthorized information. |
Information
Published : 2019-12-12 14:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-14849
Mitre link : CVE-2019-14849
CVE.ORG link : CVE-2019-14849
JSON object : View
Products Affected
redhat
- 3scale