Description
It was found that if Cumin were asked to display a link name containing
non-ASCII characters, the request would terminate with an error. If data
containing non-ASCII characters were added to the database (such as via
Cumin or Wallaby), requests to load said data would terminate and the
requested page would not be displayed until an administrator cleaned the
database. (CVE-2012-2682)

It was found that Cumin did not set the HttpOnly flag on session cookies.
Without that flag, a malicious script running in the browser could access
the session cookie. (CVE-2014-0174)
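
A check for the condition described in CVE-2014-0174, as an added example that is not Cumin's own code: it scans HTTP response headers and reports cookies set without HttpOnly. The cookie name `session` and the sample headers are constructed assumptions, not values taken from Cumin.

```python
# Added example: audit Set-Cookie headers for a missing HttpOnly attribute.
# Cookie names and header values below are constructed, not taken from Cumin.

def parse_set_cookie(header_value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is name=value; the value may itself contain '='.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def cookies_missing_httponly(response_headers, session_names=None):
    """List the names of cookies set without HttpOnly.

    response_headers: iterable of (header_name, header_value) pairs; Set-Cookie
    may appear more than once in a response.
    session_names: optional set of cookie names to restrict the check to.
    """
    missing = []
    for header_name, header_value in response_headers:
        if header_name.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(header_value)
        if session_names is not None and name not in session_names:
            continue
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample responses: one without the flag, one with it.
BEFORE = [("Content-Type", "text/html"),
          ("Set-Cookie", "session=3f9c1a; Path=/")]
AFTER = [("Content-Type", "text/html"),
         ("Set-Cookie", "session=3f9c1a; Path=/; httponly"),
         ("Set-Cookie", "theme=dark; Path=/")]

if __name__ == "__main__":
    print(cookies_missing_httponly(BEFORE, {"session"}))
    print(cookies_missing_httponly(AFTER, {"session"}))
```

Passing `session_names=None` reports every cookie lacking the flag, which is useful for finding session cookies whose name is not known in advance.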