
27 matches found

NVD
added 2026/01/16 2:15 p.m. · 1 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

CVSS 6.5 · EPSS 0.0002
Exploits 0 · References 2
NVD
added 2025/10/21 6:15 p.m. · 2 views

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3 · EPSS 0.00041
Exploits 0 · References 1
Cvelist
added 2025/10/21 5:22 p.m. · 5 views

CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 5.3 · EPSS 0.00041
Exploits 0 · References 1
CVE
added 2025/10/21 5:22 p.m. · 7 views

CVE-2025-12031

The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...

CVSS 5.3 · AI score 6.6 · EPSS 0.00041
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-7882

Malware in sbrugna...

CVSS 4.7 · AI score 5 · EPSS 0.00358
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-21213

Malware in sbrugna...

CVSS 3.3 · AI score 4.8 · EPSS 0.00047
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-5972

Malware in sbrugna...

CVSS 5.4 · AI score 5.1 · EPSS 0.00313
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-8746

Malware in sbrugna...

CVSS 5.8 · AI score 5.5 · EPSS 0.00206
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-12059

Malware in sbrugna...

CVSS 5.3 · AI score 5.4 · EPSS 0.0012
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 3:15 p.m. · 5 views

CVE-2020-15910

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to extract the JSESSIONID. This could then be...

CVSS 4.7 · AI score 6.7 · EPSS 0.00358
Exploits 0
Github Security Blog
added 2023/10/17 12:41 p.m. · 88 views

Go Fiber CSRF Token Validation Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...

CVSS 8.8 · AI score 8.9 · EPSS 0.00119
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/10/17 12:40 p.m. · 21 views

GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

CVSS 9.6 · AI score 9.4 · EPSS 0.00155
Exploits 0 · References 5
OSV
added 2023/04/28 2:15 p.m. · 1 views

CVE-2023-28472

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 6.9
Exploits 0 · References 3
CNNVD
added 2023/04/28 12:0 a.m. · 1 views

PortlandLabs Concrete CMS Security Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2 that stems from not setting the Secure and HTTP only attributes for the ccmPoll cooki...

CVSS 5.3 · AI score 5.7 · EPSS 0.00459
Exploits 0 · References 4
Positive Technologies
added 2022/07/07 12:0 a.m. · 2 views

PT-2022-7817 · Red Hat · Openshift Origin

Name of the Vulnerable Software and Affected Versions: Openshift Origin version 3 Description: The issue is related to insecure cookies being set in the console of Openshift Origin. Specifically, the cookies lack 'secure' and 'HttpOnly' attributes. Recommendations: For Openshift Origin version 3,...

CVSS 5.3 · AI score 7 · EPSS 0.00204
Exploits 0 · References 9
NVD
added 2021/10/19 3:15 p.m. · 7 views

CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE...

CVSS 6.1 · EPSS 0.00197
Exploits 0 · References 1
OSV
added 2021/10/19 3:15 p.m. · 0 views

CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE...

CVSS 6.1 · AI score 5.7 · EPSS 0.00197
Exploits 0 · References 1
Prion
added 2021/10/19 3:15 p.m. · 9 views

Cross site scripting

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE...

CVSS 4.3 · AI score 6 · EPSS 0.00197
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2021/10/19 2:10 p.m. · 12 views

CVE-2021-26589

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE...

AI score 6.2 · EPSS 0.00197
Exploits 0 · References 1
CVE
added 2021/10/19 2:10 p.m. · 44 views

CVE-2021-26589

This CVE concerns HPE Superdome Flex Servers where a Cross Site Scripting (XSS) vulnerability arises because the Session Cookie lacks the HttpOnly attribute. Public sources (NVD entry) describe remote exploitation potential and provide a firmware update from HPE as the remediation. The NVD CVSS v...

CVSS 6.1 · AI score 6 · EPSS 0.00197
Exploits 0 · References 1 · Affected Software 1