Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jahia xCM Information Disclosure Vulnerability
Vulnerability Description
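Jahia xCM is a WCM (web content management) system from the Swiss company Jahia. The system provides portal and document management functions. An information disclosure vulnerability exists in Jahia xCM 6.6.1 and earlier versions. It stems from the Set-Cookie header for the JSESSIONID cookie not including the 'HTTP Only' flag. Remote attackers can exploit this vulnerability to obtain sensitive information.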
CVSS Information
N/A
Vulnerability Type
N/A