GHSA-f679-254h-qhvj: Leantime allows Cross-Site Scripting (XSS)

GHSA-95j3-435g-vjcp: Leantime affected by Improper Neutralization of HTML Tags

GHSA-3hfj-qcvj-4hx8: Leantime has Missing Authorization Check for Host Parameter

GHSA-38h4-fx85-qcx7: Exiv2 allows Use After Free

GHSA-c39w-3pjx-qc7m: Leantime allows Stored Cross-Site Scripting (XSS)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

**Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute**

Low severity GitHub Reviewed Published Jan 5, 2023 • Updated Jan 6, 2023

Headline

GHSA-m3g7-wrrq-v5c8: Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Related news

ghsa: Latest News