Mail2000 Vulnerability Allows Bypass of HttpOnly Flag

CVE-2024-6741

5.3MEDIUM

Key Information

Vendor: Openfind
Status: Mail2000
Vendor: CVE Published:; 15 July 2024

Summary

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 15, 2024

Collectors

NVD Database