Session Cookie Insecurity in MFScripts YetiShare 3.5.2 through 4.5.3

Session Cookie Insecurity in MFScripts YetiShare 3.5.2 through 4.5.3

CVE-2019-19739 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels.

Learn more about our Web Application Penetration Testing UK.