Sensitive Information Disclosure in Planet eStream before 6.72.10.07: ON Cookie and WhoAmI Endpoint Vulnerability
CVE-2022-45895 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Learn more about our Web Application Penetration Testing UK.