Lack of Secure and HTTP Only Attributes in ccmPoll Cookies in Concrete CMS

CVE-2023-28472 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3, do not set the Secure and HttpOnly attributes on ccmPoll cookies.
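One way to check a site's responses for this condition, as an added example that is not part of the original advisory or of Concrete CMS: a small audit of `Set-Cookie` header values that reports which ccmPoll cookies lack `Secure` or `HttpOnly`. The cookie names, values and header lines are constructed samples, and matching on the name prefix `ccmPoll` is an assumption.

```python
# Added example: audit Set-Cookie values for ccmPoll cookies missing Secure/HttpOnly.
REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; it is never an attribute,
    # so a cookie whose *value* is the word "secure" is not mistaken for the flag.
    name = parts[0].partition("=")[0].strip()
    attrs = set()
    for part in parts[1:]:
        if part:
            # Attribute names are case-insensitive; some carry a value (Path=/, Expires=...).
            attrs.add(part.partition("=")[0].strip().lower())
    return name, attrs


def audit_poll_cookies(set_cookie_values, prefix="ccmPoll"):
    """Return {cookie name: [missing attributes]} for cookies whose name starts with prefix.

    The prefix match is an assumption about how the poll cookies are named.
    """
    findings = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if not name.startswith(prefix):
            continue
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample Set-Cookie values (not captured from a real site).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly",                       # unrelated cookie
    "ccmPoll1=4:2; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",    # both flags missing
    "ccmPoll2=1; Path=/; SECURE; httponly",                           # flags set, odd casing
    "ccmPoll3=secure; Path=/",                                        # value "secure" is not the flag
    "ccmPoll4=7; Path=/; HttpOnly",                                   # Secure missing
]

if __name__ == "__main__":
    for cookie, missing in audit_poll_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```
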
