880 matches found
CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...
CVE-2024-47833
Taipy (Python library) is affected by a vulnerability where session cookies are served without Secure and HTTPOnly flags in affected versions prior to 4.0.0. The issue is documented across multiple sources (CVE record, Red Hat, OSV, GitHub GHSA advisory) and is explicitly addressed in release 4.0...
CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera servers, nodes and transports. A security vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.4 that stems from a failure to s...
CVE-2022-43845 IBM Aspera Console information disclosure
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
CVE-2022-43845
IBM Aspera Console 3.4.0–3.4.4 is affected by an information disclosure vulnerability caused by the HTTPOnly flag not being set on cookies. This allows a remote attacker to obtain sensitive information from cookies. The issue is documented as CVE-2022-43845. The Affected Products and Versions lis...
PT-2024-11664 · IBM · IBM Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4. Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. This could be exploited by a remote attacker...
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: It is possible to upload an SVG image containing JavaScript and it's also possible to upload an HTML document when the format parameter is manually changed to documents or a...
GHSA-R9CR-QMFW-PMRC Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: It is possible to upload an SVG image containing JavaScript and it's also possible to upload an HTML document when the format parameter is manually changed to documents or a...
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft', 'Description' = %q A vulnerability exists in versions of OSX, iOS, and Windows Safari...
Android Browser Open in New Tab Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser "Open in New Tab" Cookie Theft', 'Description' = %q In Android's stock AOSP Browser application and WebView component, the "open ...
Taipy has a Session Cookie without Secure and HTTPOnly flags
Summary: Session cookie is without Secure and HTTPOnly flags. Details: Please take a look at this part of code PoC screenshot or check code directly provided in Occurrences section below. Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsxL6...
GHSA-R3JQ-4R5C-J9HP Taipy has a Session Cookie without Secure and HTTPOnly flags
Summary: Session cookie is without Secure and HTTPOnly flags. Details: Please take a look at this part of code PoC screenshot or check code directly provided in Occurrences section below. Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsxL6...
PT-2024-32843 · Taipy · Taipy
Name of the Vulnerable Software and Affected Versions: Taipy versions prior to 4.0.0. Description: The issue concerns session cookies being served without Secure and HTTPOnly flags, which could expose them to interception or tampering if the connection is not secure. The HTTPOnly flag prevents the...
SyroTech SY-GPON-1110-WDONT Information Disclosure Vulnerability (CNVD-2024-34373)
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from the lack of the HTTPOnly flag in a session cookie associated with the router's web management interface. An attacker can exploit...