Description

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Remediation

References

CVE-2022-38846

Related Vulnerabilities

PHP CVE-2004-1063 Vulnerability (CVE-2004-1063)

WordPress Plugin PDF Viewer Block for Gutenberg Cross-Site Scripting (1.0)

WordPress Plugin Form Vibes-Database Manager for Forms Unspecified Vulnerability (1.4.2)

WordPress Plugin Ceceppa Multilingua Multiple Cross-Site Scripting Vulnerabilities (1.5.13)

WordPress Plugin Target First Live chat Unspecified Vulnerability (1.0)

Severity

Medium

Classification

CVE-2022-38846 CWE-319 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities