882 matches found

CVE
added 2021/09/15 6:30 a.m. · 56 views

CVE-2021-3706

The CVE-2021-3706 entry affects Pi-hole’s AdminLTE-based web interface. Affected component: the adminlte/persistentlogin cookie is set without the HttpOnly flag, making the cookie accessible to JavaScript and susceptible to theft via XSS. The OpenVAS PoC documents show a login flow where the pers...

CVSS 7.5 · AI score 7.4 · EPSS 0.00152
Exploits 1 · References 2 · Affected Software 1
NVD
added 2021/08/31 11:15 a.m. · 8 views

CVE-2021-34563

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

CVSS 3.3 · EPSS 0.00047
Exploits 0 · References 1
OSV
added 2021/08/31 11:15 a.m. · 2 views

CVE-2021-34563

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

CVSS 3.3 · AI score 6.3 · EPSS 0.00047
Exploits 0 · References 1
CVE
added 2021/08/31 10:32 a.m. · 43 views

CVE-2021-34563

CVE-2021-34563 affects Pepperl+Fuchs WirelessHART-Gateway versions 3.0.8 and 3.0.9. The HttpOnly flag is not set on a cookie, allowing its value to be read or modified by client-side JavaScript. The documented impact is limited to information leakage/alteration via cookie access, with CVSSv3 bas...

CVSS 3.3 · AI score 4.2 · EPSS 0.00047
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/08/31 10:32 a.m. · 13 views

CVE-2021-34563 In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side JavaScript to modify it

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

CVSS 3.3 · AI score 4.2 · EPSS 0.00047
Exploits 0 · References 1
Positive Technologies
added 2021/08/31 12:00 a.m. · 1 view

PT-2021-20548 · Pepperl+Fuchs · Wirelesshart Gateway

Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway versions 3.0.8 through 3.0.9 Description: The issue concerns the absence of the HttpOnly attribute on a cookie, allowing its value to be accessed or modified by client-side JavaScript. This could potentially...

CVSS 3.3 · AI score 4.4 · EPSS 0.00047
Exploits 0 · References 3
CNNVD
added 2021/08/31 12:00 a.m. · 2 views

Pepperl Fuchs WirelessHART-Gateway Security Vulnerability

Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A security vulnerability exists in Pepperl Fuchs WirelessHART-Gateway versions 3.0.8 and 3.0.9 that stems from the HttpOnly attribute not being set on a cookie. An attacker can exploit the vulnerability to read or...

CVSS 3.3 · AI score 5.4 · EPSS 0.00047
Exploits 0 · References 4
Huntr
added 2021/08/05 12:55 p.m. · 21 views

Sensitive Cookie Without 'HttpOnly' Flag in glpi-project/glpi

Description: According to [1] we have: HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie. Impact: This vulnerability is capable of taking control...

AI score 0.7
Exploits 0
Tenable Nessus
added 2021/07/16 12:00 a.m. · 40 views

openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1834-1 advisory. - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from...

CVSS 6.5 · AI score 6.1 · EPSS 0.00857
Exploits 1 · References 10
CNVD
added 2021/07/08 12:00 a.m. · 7 views

IBM Guardium Data Encryption Information Leakage Vulnerability

IBM Security Guardium Data Encryption is an American IBM software for securing sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files, applications and containers. An information...

CVSS 5.3 · AI score 5.7 · EPSS 0.00127
Exploits 0 · References 1
OSV
added 2021/07/07 5:15 p.m. · 1 view

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVSS 5.3 · AI score 6.2
Exploits 0 · References 2
NVD
added 2021/07/07 5:15 p.m. · 11 views

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVSS 5.3 · EPSS 0.00127
Exploits 0 · References 2
Prion
added 2021/07/07 5:15 p.m. · 9 views

Design/Logic Flaw

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVSS 5 · AI score 5.6 · EPSS 0.00127
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/07/07 4:30 p.m. · 11 views

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVSS 3.7 · AI score 5.1 · EPSS 0.00127
Exploits 0 · References 2
CVE
added 2021/07/07 4:30 p.m. · 36 views

CVE-2021-20416

CVE-2021-20416 affects IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4, where the HTTPOnly flag is not set on cookies, enabling a remote attacker to access sensitive cookie information. The IBM security bulletin notes fixes in GDE 4.0.0.5 and newer; upgrading to that version (or newer) is ...

CVSS 5.3 · AI score 5.6 · EPSS 0.00127
Exploits 0 · References 2 · Affected Software 1
Prion
added 2021/06/29 7:15 p.m. · 11 views

Design/Logic Flaw

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVSS 5 · AI score 7.1 · EPSS 0.00072
Exploits 0 · References 2 · Affected Software 1
RedHat Linux
added 2021/06/15 5:17 p.m. · 3 views

ceph-dashboard: Cross-site scripting via token Cookie

A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threa...

CVSS 6.1 · AI score 5.8 · EPSS 0.00632
Exploits 1 · References 4
Tenable Nessus
added 2021/05/28 12:00 a.m. · 6 views

Session Cookies Detected

The scanner collected the session cookies returned by the application during an authenticated scan. The list includes the following information for each cookie:
- Name: name of the cookie
- Value: value of the cookie
- Domain: hosts to which the cookie will be sent
- Path: URL path which must exi...

AI score 6.8
Exploits 0 · References 3
OSV
added 2021/05/27 12:15 a.m. · 30 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The...

CVSS 6.1 · AI score 5.4
Exploits 0 · References 5
NVD
added 2021/05/27 12:15 a.m. · 22 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The...

CVSS 6.1 · EPSS 0.00632
Exploits 1 · References 5