880 matches found
CVE-2024-36788
Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...
CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2, 2.0.49.3. This issue lies in the mechanism for...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
openSUSE Security Advisory (SUSE-SU-2024:0076-1)
The remote host is missing an update for the...
CVE-2023-4639
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
CVE-2023-51843
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set...
Cross site scripting
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set...
React Dashboard Security Vulnerability
React Dashboard is a template. A security vulnerability exists in React Dashboard version 1.4.0, which stems from unset httpOnly and is vulnerable to cross-site scripting attacks...
SUSE-SU-2024:0076-1 Security update for hawk2
This update for hawk2 fixes the following issues: - Fixed HttpOnly secure flag by default (bsc#1216508). - Fixed CSRF protection in errors_controller.rb (bsc#1216571). Update to version 2.6.4+git.1702030539.5fb7d91b: - Fix mime type issue in MS Windows (bsc#1215438) - Parametrize CORS...
PT-2024-40976 · Microsoft · Ms Windows
Name of the Vulnerable Software and Affected Versions: hawk2 versions prior to 2.6.4+git.1702030539.5fb7d91b Description: The issue concerns the hawk2 software, where several problems have been fixed, including the setting of the HttpOnly secure flag by default and the protection against CSRF in...
CVE-2023-44760
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
Go Fiber CSRF Token Validation Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...
GHSA-MV73-F69X-444P Go Fiber CSRF Token Validation Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...
GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...