Medium severity6.1NVD Advisory· Published Dec 30, 2019· Updated Jun 17, 2026
CVE-2019-19736
CVE-2019-19736
Description
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting.
Affected products
2- MFScripts/YetiSharedescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.