Description
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Remediation
References
Related Vulnerabilities
Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)
OpenSSL Double Free Vulnerability (CVE-2003-0545)
OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)
WordPress Plugin Video Lead Form 'errMsg' Parameter Cross-Site Scripting (0.5)
WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1)