882 matches found

Prion
added 2020/04/08 2:15 p.m. | 10 views

Information disclosure

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM...

CVSS 5 | AI score 4.9 | EPSS 0.00138
Exploits 0 | References 2 | Affected Software 1

CVE
added 2020/04/08 2:5 p.m. | 32 views

CVE-2020-4289

ISIQ (IBM Security Information Queue) versions 1.0.0–1.0.5 expose sensitive cookie data because session cookies lack the HttpOnly flag. This could allow a remote attacker to read cookie data. IBM’s advisory states as of v1.0.6 the HttpOnly flag is set and provides remediation by upgrading to 1.0....

CVSS 5.3 | AI score 4.9 | EPSS 0.00138
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2020/04/08 12:0 a.m. | 0 views

IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2020-22186)

IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue ISIQ that stems from the program failin...

CVSS 5.3 | AI score 6.5 | EPSS 0.00138
Exploits 0 | References 1

IBM Security Bulletins
added 2020/04/07 4:32 p.m. | 11 views

Security Bulletin: IBM Security Information Queue does not set the HttpOnly flag in session cookies (CVE-2020-4289)

Summary IBM Security Information Queue ISIQ does not sufficiently protect session cookies by setting the HttpOnly flag. Consequently, a client-side script could obtain sensitive information from an ISIQ cookie. As of v1.0.6, ISIQ sets the HttpOnly flag. Vulnerability Details CVEID: CVE-2020-4289...

CVSS 5.3 | AI score 0.6 | EPSS 0.00138
Exploits 0 | Affected Software 1

NVD
added 2020/04/02 8:15 p.m. | 11 views

CVE-2019-19003

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting...

CVSS 6.1 | AI score 5.8 | EPSS 0.00371
Exploits 0 | References 1

Prion
added 2020/04/02 8:15 p.m. | 14 views

Cross site scripting

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting...

CVSS 4.3 | AI score 6.3 | EPSS 0.00371
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/04/02 7:46 p.m. | 10 views

CVE-2019-19003 ABB eSOMS: HTTPOnly flag not set

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting...

CVSS 5.3 | AI score 6.2 | EPSS 0.00371
Exploits 0 | References 1

exploitpack
added 2020/02/24 12:0 a.m. | 53 views

DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 - Persistent Cross-Site Scripting Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...

AI score 6.8
Exploits 0

NVD
added 2020/02/18 6:15 p.m. | 8 views

CVE-2012-0718

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies...

CVSS 5.8 | AI score 5.5 | EPSS 0.00192
Exploits 0 | References 1

Prion
added 2020/02/18 6:15 p.m. | 11 views

Design/Logic Flaw

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies...

CVSS 5.8 | AI score 6.8 | EPSS 0.00192
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/02/18 5:2 p.m. | 10 views

CVE-2012-0718

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies...

AI score 5.4 | EPSS 0.00192
Exploits 0 | References 1

CVE
added 2020/02/18 5:2 p.m. | 43 views

CVE-2012-0718

IBM Tivoli Endpoint Manager 8 is affected by CVE-2012-0718 due to not setting the HttpOnly flag on cookies. This can expose cookies to client-side access, impacting confidentiality and integrity (CVSS 3.1 base score 5.4). The vulnerability is network-based with low impact on confidentiality and i...

CVSS 5.8 | AI score 5.4 | EPSS 0.00192
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2020/02/17 12:0 a.m. | 3 views

PT-2020-6880 · Abb · Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.2 Description: The issue is related to the absence of the HttpOnly flag in session cookies, which can allow JavaScript to access the cookie contents. This might enable Cross Site Scripting XSS attacks, where...

CVSS 6.1 | AI score 5.8 | EPSS 0.00371
Exploits 0 | References 6

OSV
added 2020/02/15 6:19 p.m. | 1 views

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

CVSS 5.4 | AI score 6.1
Exploits 0 | References 2

NVD
added 2020/02/15 6:19 p.m. | 8 views

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

CVSS 5.4 | AI score 5.6 | EPSS 0.00182
Exploits 0 | References 2

Cvelist
added 2020/02/15 5:52 p.m. | 20 views

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

AI score 5.6 | EPSS 0.00182
Exploits 0 | References 2

NVD
added 2020/02/13 4:15 p.m. | 8 views

CVE-2020-7051

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover...

CVSS 6.1 | AI score 6 | EPSS 0.00282
Exploits 0 | References 2

Prion
added 2020/02/13 4:15 p.m. | 11 views

Cross site scripting

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover...

CVSS 4.3 | AI score 6 | EPSS 0.01819
Exploits 1 | References 2 | Affected Software 1

NVD
added 2020/02/07 3:15 p.m. | 15 views

CVE-2013-3636

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

CVSS 5.4 | AI score 5.4 | EPSS 0.00235
Exploits 2 | References 3

Prion
added 2020/02/07 3:15 p.m. | 21 views

Information disclosure

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

CVSS 3.5 | AI score 7 | EPSS 0.00235
Exploits 2 | References 3 | Affected Software 1