CVE Catalog
CVE-2023-4654
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk0.29%
20th percentile — higher than 20% of all known CVEs
Summary
In the GitHub repository instantsoft/icms2 prior to version 2.16.1, there is a vulnerability related to a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute.
Risk Assessment
The absence of the 'Secure' attribute in cookies may allow attackers to intercept them, jeopardizing the confidentiality of user data.
Recommendation
It is recommended to upgrade to version 2.16.1 or later and ensure that all sensitive cookies have the 'Secure' attribute set.
Original NVD description (English source)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

