Cross-Site Request Forgery Vulnerability in MFScripts YetiShare by MFScripts
CVE-2019-19737

8.8HIGH

Key Information:

Vendor: Mfscripts
Status: Yetishare
Vendor: CVE Published:; 30 December 2019

What is CVE-2019-19737?

MFScripts YetiShare versions 3.5.2 through 4.5.3 lack the SameSite attribute on session cookies. This oversight allows the cookies to be transmitted in cross-site requests, which creates a risk of cross-site request forgery (CSRF) attacks. Attackers can exploit this vulnerability to forge requests on behalf of legitimate users, potentially compromising user data and application security.

References

https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multi...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2019
Vulnerability Reserved
Dec 11, 2019

JSON

Mfscripts

What is CVE-2019-19737?

References

CVSS V3.1

Timeline