MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.
References
Configurations
History
07 Nov 2023, 03:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-02-10 13:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-20060
Mitre link : CVE-2019-20060
CVE.ORG link : CVE-2019-20060
JSON object : View
Products Affected
mfscripts
- yetishare
CWE
CWE-922
Insecure Storage of Sensitive Information