Description

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Remediation

References

CVE-2022-38846

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)

Jenkins Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2017-1000393)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Open Redirect (3.8.2.2)

Severity

Medium

Classification

CVE-2022-38846 CWE-319 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities