Description

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Remediation

References

CVE-2014-8775

Related Vulnerabilities

MySQL CVE-2015-4767 Vulnerability (CVE-2015-4767)

Magento CVE-2019-8133 Vulnerability (CVE-2019-8133)

WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8)

Internet Information Services Other Vulnerability (CVE-2001-0545)

Ruby Inadequate Encryption Strength Vulnerability (CVE-2011-4121)

Severity

Medium

Classification

CVE-2014-8775 CWE-200

Tags

Missing Update Known Vulnerabilities