2 matches found
CVE-2019-14849
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information...
CVE-2019-14849
The CVE-2019-14849 entries describe a vulnerability in Red Hat 3scale API Management (before version 2.6) where the user session cookie was not tagged HttpOnly. This omission enables cross-site scripting and potential exposure of unauthorized information. Affected component: 3scale session cookie...