Lack of Secure and HTTP Only Attributes in ccmPoll Cookies in Concrete CMS
CVE-2023-28472 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies.
Learn more about our Cms Pen Testing.