Cross-Site Scripting Vulnerability in Novell Data Synchronizer
CVE-2011-2224
Currently unrated
Summary
Novell Data Synchronizer versions prior to 1.2 do not set the HttpOnly flag in the Set-Cookie header. Cookies issued without this flag are readable by client-side script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks through unspecified vectors, potentially intercepting sensitive user information or executing malicious scripts within the user's browser.