10 matches found
Improper Access Control
Hono is vulnerable to Improper Access Control. The vulnerability is due to inconsistent cookie parsing between browsers and the parse function, where differently formatted cookie names may be normalized to the same key, allowing attacker-controlled cookies to override legitimate ones and bypass...
CVE-2026-39410
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...
CVE-2026-39410
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...
CVE-2026-39410 Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...
CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
EUVD-2026-19450
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
PT-2026-30712
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
eGroupWare <= 1.0.00.003 Multiple Module XSS
The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though Ness...