Description

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Remediation

References

CVE-2022-38846

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947)

WordPress Plugin Light Post 'abspath' Parameter Remote File Include (1.4)

Oracle JRE CVE-2022-21296 Vulnerability (CVE-2022-21296)

Oracle Application Server Other Vulnerability (CVE-2005-2093)

WordPress Plugin Asgaros Forum Cross-Site Scripting (1.15.13)

Severity

Medium

Classification

CVE-2022-38846 CWE-319 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities