2 matches found
CVE-2019-19737
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...
CVE-2019-19737
CVE-2019-19737 affects MFScripts YetiShare in versions 3.5.2 through 4.5.3. The root cause is that session cookies do not have the SameSite flag set, allowing cookies to be sent with cross-site requests and potentially enabling cross-site request forgery attacks. Multiple connected sources confir...