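Vulnerability Title
Improper cookie attribute settings in Foreseer Reporting Software (FRS)
Vulnerability Description
In Foreseer Reporting Software (FRS), the Secure flag is not set on the session cookie, and the SameSite attribute is set to Lax. Without the Secure flag, the session cookie may be transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version, FRS v1.5.100.
CVSS Information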
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Category
Missing Encryption of Sensitive Data
Vulnerability Title
Improper cookie attributes in Foreseer Reporting Software (FRS)
Vulnerability Description
The Secure flag was not set and SameSite was set to Lax in the Foreseer Reporting Software (FRS). Absence of the Secure flag could lead to the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Vulnerability Category
Cleartext Transmission of Sensitive Information