Lucene search
K

429 matches found

Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.7 views

PT-2025-25315

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue concerns the session cookie @@ with its HttpOnly flag set to false. This setting increases the risk of Cross-Side-Scripting attacks targeting stored cookies, as it allows client-side...

6.1CVSS5.4AI score0.0025EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/06/04 5:14 p.m.30 views

CVE-2024-8008

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

5.2CVSS5.2AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/04 5:14 p.m.20 views

CVE-2024-3509

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 4:48 p.m.25 views

CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

5.2CVSS0.00452EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 4:44 p.m.11 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3CVSS4.6AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 11:0 a.m.13 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...

6.3CVSS5.4AI score0.00219EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.12 views

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

8.2CVSS6AI score0.00459EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.7 views

CVE-2022-43845

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...

7.5CVSS6.2AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.6 views

CVE-2022-4630

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master...

5.3CVSS6.8AI score0.00629EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.21 views

CVE-2021-3706

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...

7.5CVSS6.8AI score0.01066EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.6 views

CVE-2021-29247

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie...

5.3CVSS6.7AI score0.01201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 p.m.5 views

CVE-2021-40649

In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the HttpOnly flag set...

6.5CVSS7AI score0.00794EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.6 views

CVE-2020-6267

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag...

6.3CVSS6.8AI score0.00785EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.9 views

CVE-2020-25473

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

6.5CVSS7AI score0.00904EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.19 views

CVE-2019-25091

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to...

5.3CVSS7AI score0.00612EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.6 views

CVE-2019-19003

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting...

6.1CVSS6.8AI score0.00766EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.4 views

CVE-2019-19736

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting...

6.1CVSS6.6AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.9 views

CVE-2011-4850

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...

4.3CVSS6.5AI score0.01066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.5 views

CVE-2019-17104

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...

7.5CVSS6.8AI score0.01944EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/10 12:20 a.m.12 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

9.8CVSS6.8AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder