3 matches found
Moxa AWK-3121 Sensitive Cookie Without Httponly Flag (CVE-2018-10692)
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie Password508 does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. This plugin only works with Tenable.ot. Please visit...
CVE-2018-10692
creationtimestamp| type| source ---|---|--- 2019-06-08 00:28:27+00:00| seen| https://t.me/cibsecurity/4790...
CVE-2018-10692
The CVE-2018-10692 issue affects Moxa AWK-3121 devices (version 1.14) where the session cookie Password508 is not HttpOnly, enabling a cross-site scripting attacker to steal the cookie. Connected sources (NVD, CISA/ICS advisory, and Nessus plugin) confirm this vulnerability is tied to the HTTP co...