CVE-2019-19737

Severity: HIGH
WAF: Low
CVSS: 8.8
Published: 2019-12-30
CWE: CWE-352

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.

WAF Coverage Analysis

Cross-Site Request Forgery (CSRF): Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Affected Software

Vendor | Product | Version
mfscripts | yetishare | 3.5.2 - 4.5.3
