VYPR
Medium severity6.1NVD Advisory· Published Dec 30, 2019· Updated Jun 17, 2026

CVE-2019-19736

CVE-2019-19736

Description

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.