Unrated severityNVD Advisory· Published Jan 4, 2021· Updated Aug 3, 2024
CVE-2021-21494
CVE-2021-21494
Description
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MK-AUTH/MK-AUTHdescription
Patches
Vulnerability mechanics
References
2- mk-auth.com.brmitrex_refsource_MISC
- gist.github.com/alacerda/380b8923e36a29a02ba1457c1eb3ec2fmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.