Missing HTTPOnly Flag in Set-Cookie Header in DDSN Interactive cm3 Acora CMS

Missing HTTPOnly Flag in Set-Cookie Header in DDSN Interactive cm3 Acora CMS

CVE-2013-4724 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Learn more about our Cms Pen Testing.