880 matches found
Exploit for Cross-site Scripting in Cudy Lt400_Firmware
CVE-2023-31853 Reflected cross-site scripting XSS attack ex...
Exploit for Cross-site Scripting in Cudy Lt400_Firmware
CVE-2023-31851 Reflected cross-site scripting XSS attack ex...
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double quote, it will continue to read the cookie string unti...
UBUNTU-CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...
CVE-2023-26049 Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...
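The three Jetty records above all describe the same parsing quirk: a cookie value that opens with a double quote is read up to the next double quote, across the `;` separators that normally delimit cookies. The block below is an added example, not Jetty's own code, that models that lenient behaviour next to an RFC 6265-style strict parser and reports which cookies the lenient parser swallows into the attacker's value. The cookie names (`lang`, `JSESSIONID`, `end`) and the constructed request header are hypothetical.

```python
# Added example (not Jetty's own code): a model of the lenient quoted-value
# parsing the advisory describes, beside an RFC 6265-style strict parser.
# Cookie names, values and the constructed header below are hypothetical.


def parse_cookies_strict(header: str) -> dict:
    """RFC 6265 style: split on ';', then on the first '='.
    A '"' is just another value character; there is no quote-aware scanning."""
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        cookies[name.strip()] = value.strip()
    return cookies


def parse_cookies_lenient(header: str) -> dict:
    """Models the behaviour described for CVE-2023-26049: a value that begins
    with '"' is read up to the next '"', even across ';' separators, so it
    can absorb the cookies that follow it."""
    cookies = {}
    i, n = 0, len(header)
    while i < n:
        while i < n and header[i] in " ;":        # skip separators/whitespace
            i += 1
        eq = header.find("=", i)
        if i >= n or eq == -1:
            break
        name = header[i:eq].strip()
        i = eq + 1
        if i < n and header[i] == '"':            # quoted value: scan to the closing quote
            close = header.find('"', i + 1)
            if close == -1:
                close = n
            value = header[i + 1:close]
            i = close + 1
        else:                                     # plain value: stop at the next ';'
            end = header.find(";", i)
            if end == -1:
                end = n
            value = header[i:end].strip()
            i = end
        cookies[name] = value
    return cookies


def smuggled_cookies(header: str) -> list:
    """Names the strict parser sees but the lenient parser has folded into
    another cookie's value."""
    strict = parse_cookies_strict(header)
    lenient = parse_cookies_lenient(header)
    return sorted(name for name in strict if name not in lenient)


# Constructed request header: the attacker controls 'lang' (e.g. set from a
# sibling subdomain) and opens a quote; 'end' supplies the closing quote.
ATTACK_HEADER = 'lang="; JSESSIONID=abc123; end=""'
BENIGN_HEADER = "lang=en; JSESSIONID=abc123"

if __name__ == "__main__":
    print("strict  :", parse_cookies_strict(ATTACK_HEADER))
    print("lenient :", parse_cookies_lenient(ATTACK_HEADER))
    print("smuggled:", smuggled_cookies(ATTACK_HEADER))
```

With the attack header the lenient parser returns a single `lang` cookie whose value is `; JSESSIONID=abc123; end=`; any code that reflects, logs or stores `lang` then leaks the session identifier, which is the exfiltration path the advisory names. On a benign header both parsers agree, which is why the behaviour goes unnoticed until someone sends an opening quote.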
K15273: Apache vulnerability CVE-2012-0053
Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...
SUSE CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
CVE-2022-21939
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21939 Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT)
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21939
CVE-2022-21939 affects Johnson Controls System Configuration Tool (SCT) versions 14 prior to 14.2.3 and 15 prior to 15.0.3. The vulnerability is a SENSITIVE COOKIE WITHOUT 'HttpOnly' FLAG, described as a cross-site scripting issue that could allow an attacker to access cookies and take control of...
PT-2023-12673 · Johnson Controls · Johnson Controls System Configuration Tool
Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie due to the lack of the 'HttpOnly'...
python-django-horizon session cookies created without the HttpOnly flag
python-django-horizon: an Incorrect Permission Assignment for Critical Resource flaw allows Horizon session cookies to be created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environment files...
GHSA-MWVP-QR62-CVJX nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without httponly flag. It is possible to...
CVE-2019-25091
nsupdate.info CSRF Cookie Handler (src/nsupdate/settings/base.py) is affected by CVE-2019-25091. The issue arises from manipulating the CSRF_COOKIE_HTTPONLY setting, causing the CSRF/JWT cookie to be set without the HttpOnly flag. This could enable remote manipulation as described in the vulnerab...
CVE-2019-25091 nsupdate.info CSRF Cookie base.py cookie httponly flag
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to...
PT-2022-8303 · Unknown · Nsupdate.Info
Name of the Vulnerable Software and Affected Versions: nsupdate.info affected versions not specified Description: A problematic vulnerability has been found in nsupdate.info, affecting the component CSRF Cookie Handler in the file src/nsupdate/settings/base.py. The manipulation of the argument CS...
nsupdate.info security vulnerability
nsupdate.info is a free dynamic DNS service developed by the nsupdate.info open-source project. A security vulnerability exists in nsupdate.info that stems from mishandling of the CSRFCOOKIEHTTPONLY parameter, resulting in a cookie set without the "httponly" flag...
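Every record from the Apache 2.2 entry down to the nsupdate.info entries is about the same weakness class: a cookie that should be unreadable from script is issued without `HttpOnly` (or is exposed by a side channel that bypasses it). The block below is an added example, not code from any of the listed projects, that audits `Set-Cookie` header values for the missing flags a reviewer would look for. The "sensitive name" heuristic and the three constructed sample headers are assumptions for illustration.

```python
# Added example (not from any of the listed projects): a Set-Cookie audit
# that flags the weaknesses the advisories above describe. The name hints
# and the constructed sample headers are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Substrings that suggest a cookie carries a session or credential (assumed).
SENSITIVE_NAME_HINTS = ("sess", "sid", "token", "auth", "jwt", "csrf")


@dataclass
class CookieAudit:
    name: str
    httponly: bool
    secure: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)


def audit_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie header value and report missing protections."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()   # attribute names are case-insensitive

    httponly = "httponly" in attrs
    secure = "secure" in attrs
    samesite = attrs.get("samesite")
    findings: List[str] = []

    sensitive = any(hint in name.lower() for hint in SENSITIVE_NAME_HINTS)
    if sensitive and not httponly:
        findings.append("missing HttpOnly on likely-sensitive cookie")
    if not secure:
        findings.append("missing Secure")
    if samesite is None:
        findings.append("no SameSite attribute")
    elif samesite.lower() == "none" and not secure:
        findings.append("SameSite=None without Secure")
    return CookieAudit(name, httponly, secure, samesite, findings)


def audit_response_cookies(set_cookie_values: List[str]) -> List[CookieAudit]:
    """Audit every Set-Cookie value of one response, in order."""
    return [audit_set_cookie(v) for v in set_cookie_values]


# Constructed sample Set-Cookie values (not captured from a real server).
WEAK_SESSION = "JSESSIONID=node0abc123; Path=/"
HARDENED_SESSION = "JSESSIONID=node0abc123; Path=/; HttpOnly; Secure; SameSite=Lax"
CSRF_COOKIE = "csrftoken=Q1w2e3; Path=/; Secure; SameSite=Lax"

if __name__ == "__main__":
    for audit in audit_response_cookies([WEAK_SESSION, HARDENED_SESSION, CSRF_COOKIE]):
        print(audit.name, audit.findings or "ok")
```

Two caveats when reading the output. The `missing Secure` finding is a policy call rather than a defect on a plain-HTTP development server, so tune it to the deployment. And a CSRF cookie is sometimes deliberately left readable by script (double-submit designs copy it into a request header from JavaScript), so whether the `csrftoken` finding is a real issue depends on how the application consumes it; the nsupdate.info record above treats the absence of the flag as one.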
CVE-2022-45411
Cross-Site Tracing occurs when a server echoes a request back via the TRACE method, allowing an XSS attack to access authorization headers and cookies that are inaccessible to JavaScript, such as cookies protected by HttpOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
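The Firefox record above concerns the browser-side limit on TRACE; the server-side half of the check is whether the origin still reflects TRACE requests at all. The block below is an added example, not code from the page or from Mozilla, that builds a raw TRACE probe carrying a marker cookie and decides from the response whether the request body was echoed back. The host name, the marker cookie and both constructed responses are hypothetical; only the offline classification is exercised by the test, and `probe_trace` is included for use against a host you are authorised to test.

```python
# Added example (not from the page): build a TRACE probe and decide, from
# the raw response, whether the server echoed the request (Cross-Site
# Tracing). Host, cookie and the constructed responses are hypothetical.
import socket


def build_trace_request(host: str, path: str = "/", cookie: str = "") -> bytes:
    """Raw HTTP/1.1 TRACE request carrying a marker cookie."""
    lines = [f"TRACE {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def trace_echoes_request(response: bytes, cookie: str) -> bool:
    """True when the response is a 2xx with a message/http body (the TRACE
    reflection format from RFC 7231) that contains the probe's Cookie header,
    i.e. TRACE is enabled and headers come back to the caller."""
    head, _, body = response.partition(b"\r\n\r\n")
    status_line, *header_lines = head.split(b"\r\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].startswith(b"2"):
        return False
    headers = {}
    for line in header_lines:
        key, _, value = line.partition(b":")
        headers[key.strip().lower()] = value.strip().lower()
    if not headers.get(b"content-type", b"").startswith(b"message/http"):
        return False
    return f"Cookie: {cookie}".encode() in body


def probe_trace(host: str, port: int = 80, cookie: str = "xst_probe=1",
                timeout: float = 5.0) -> bool:
    """Live probe over a plain socket (not run by the test)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host, "/", cookie))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return trace_echoes_request(b"".join(chunks), cookie)


# Constructed responses: one from a server that reflects TRACE, one that refuses it.
ECHO_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                 b"TRACE / HTTP/1.1\r\nHost: example.test\r\n"
                 b"Connection: close\r\nCookie: xst_probe=1\r\n\r\n")
DENIED_RESPONSE = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    print("reflects TRACE:", trace_echoes_request(ECHO_RESPONSE, "xst_probe=1"))
    print("reflects TRACE:", trace_echoes_request(DENIED_RESPONSE, "xst_probe=1"))
```

If a server answers the probe with a 2xx `message/http` body that contains the marker cookie, disabling TRACE (or blocking it at the reverse proxy) is the fix; the browser-side limits the Firefox record describes only close the `fetch`/`XMLHttpRequest` route to it.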