CVE-2019-14849

Medium

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could…

redhat·CWE-201·Published 2019-12-12

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

230 chars

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

NVDen

230 chars

NVDes

263 chars

Se encontró una vulnerabilidad en 3scale versión anterior a 2.6, no estableció el atributo HTTPOnly en la cookie de sesión del usuario. Un atacante podría usar esto para conducir ataques de tipo cross site scripting y conseguir acceso a información no autorizada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.0	Primary	cve.org	4.6	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N