CVE-2013-4617
CVE-2013-4617 affects Jahia xCM prior to 6.6.2. The issue is that the Set-Cookie header for the JSESSIONID cookie does not use the HTTPOnly flag, which can allow remote attackers to access the cookie via client-side scripts and potentially expose sensitive information. The provided documents conf...