cvedb.io
CVE-2025-22493
MEDIUM · CVSS 5.6
EPSS exploitation probability: 0%
Published 2025-03-05T09:15:10.443 · Last modified 2026-06-17T08:47:45.003

Summary

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.