Crossite scripting; no session cookie timeout is implemented.
vulners.com/securityvulns/securityvulns:doc:8710
vulners.com/securityvulns/securityvulns:doc:8711
vulners.com/securityvulns/securityvulns:doc:8741
vulners.com/securityvulns/securityvulns:doc:8742