882 matches found

Cvelist
added 2020/02/07 2:34 p.m., 21 views

CVE-2013-3636

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

AI score 5.4, EPSS 0.00235
Exploits 2, References 3

CNVD
added 2019/12/31 12:00 a.m., 2 views

Mellow Fish YetiShare Cross-Site Scripting Vulnerability

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A security vulnerability exists in Mellow Fish YetiShare versions 3.5.2 through 4.5.3, which stems from the program not setting the HttpOnly flag on session cookies. An attacker can exploit the vulnerability ...

CVSS 6.1, AI score 6.8, EPSS 0.00275
Exploits 0, References 1

OSV
added 2019/12/30 5:15 p.m., 1 view

CVE-2019-19736

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting...

CVSS 6.1, AI score 5.9, EPSS 0.00275
Exploits 0, References 1

Cvelist
added 2019/12/30 5:00 p.m., 16 views

CVE-2019-19736

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting...

AI score 5.9, EPSS 0.00275
Exploits 0, References 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m., 16 views

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component in IBM Case Manager (CVE-2019-4426)

Summary: Case Builder component shipped in IBM Case Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4, AI score 0.4, EPSS 0.0038
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m., 13 views

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)

Summary: Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 5.4, AI score 1.8, EPSS 0.0038
Exploits 0, Affected Software 1

Prion
added 2019/12/12 2:15 p.m., 15 views

Cross site scripting

A vulnerability was found in 3scale before version 2.6, which did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information...

CVSS 3.5, AI score 5.5, EPSS 0.00313
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/12/12 1:14 p.m., 14 views

CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, which did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information...

CVSS 4.6, AI score 5.3, EPSS 0.00313
Exploits 0, References 1

RedhatCVE
added 2019/12/11 8:51 p.m., 17 views

CVE-2019-14849

A flaw was found where 3scale did not set the HTTPOnly attribute on the user session cookie. An attacker could abuse this flaw to conduct Cross-site Scripting attacks and gain access to unauthorized information...

CVSS 5.4, AI score 1.5, EPSS 0.00313
Exploits 0, References 3

CNVD
added 2019/11/22 12:00 a.m., 2 views

IBM Operations Analytics-Log Analysis Information Disclosure Vulnerability

IBM Operations Analytics-Log Analysis is a set of semi-structured data analysis solutions from IBM USA. The product is mainly used for application log analysis and problem diagnosis and so on. An information disclosure vulnerability exists in IBM Operations Analytics-Log Analysis, which stems fro...

CVSS 4.3, AI score 6.2, EPSS 0.00154
Exploits 0, References 1

Hacker One
added 2019/10/26 1:04 a.m., 7 views

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint

The HTAF4-213 vulnerability involved the exposure of an HTTPOnly session cookie on the /csstest endpoint. The sensitive cookie information was reflected in the page's content, which should not have been accessible in the DOM...

AI score 6.8
Exploits 0

RedhatCVE
added 2019/10/22 9:51 p.m., 31 views

CVE-2019-10405

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 5.4, AI score 2.5, EPSS 0.82266
Exploits 0, References 3

Veracode
added 2019/10/09 8:46 a.m., 11 views

Insecure Cookies Configuration

centreon/centreon uses an insecure cookie configuration. The cookies are not configured to include the HTTPOnly flag, which would allow an attacker to steal HTTP cookie information in the event of a successful cross-site scripting attack...

CVSS 7.5, AI score 0.2, EPSS 0.00076
Exploits 0, References 3, Affected Software 1

OSV
added 2019/10/08 1:15 p.m., 1 view

CVE-2019-17104

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...

CVSS 7.5, AI score 7.1, EPSS 0.00076
Exploits 0, References 3

Prion
added 2019/10/08 1:15 p.m., 12 views

Code injection

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...

CVSS 5, AI score 7.5, EPSS 0.00076
Exploits 0, References 3, Affected Software 1

CVE
added 2019/10/08 12:19 p.m., 47 views

CVE-2019-17104

Centreon VM (through 19.04.3) is affected by a cookie-configuration issue in the Apache HTTP Server: the HTTPOnly flag is not set, enabling potential theft of cookies. This vulnerability is documented across multiple sources (NVD, Red Hat, GHSA, OSV, CNVD, Veracode, CVE lists) and is tied to Cent...

CVSS 7.5, AI score 7.5, EPSS 0.00076
Exploits 0, References 3, Affected Software 1

Cvelist
added 2019/10/08 12:19 p.m., 10 views

CVE-2019-17104

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...

AI score 7.5, EPSS 0.00076
Exploits 0, References 3

NVD
added 2019/09/25 4:15 p.m., 14 views

CVE-2019-10405

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 5.4, AI score 5.2, EPSS 0.82266
Exploits 0, References 2

Prion
added 2019/09/25 4:15 p.m., 17 views

Cross site scripting

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 3.5, AI score 5.1, EPSS 0.82266
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/09/25 3:05 p.m., 20 views

CVE-2019-10405

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

AI score 5.1, EPSS 0.82266
Exploits 0, References 2