CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...