Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyFAQ Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-4409)

Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

Remediation

References

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8834)

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)

WordPress Plugin LeaderBoard Cross-Site Request Forgery (1.1.1)

WordPress Plugin WP EasyPay-Square for WordPress Cross-Site Request Forgery (3.2.0)

Joomla! Core Security Bypass (1.7.0 - 3.9.22)

Severity

High

Classification

CVE-2022-4409 CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities