12 matches found
CVE-2026-33400
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...
PT-2026-20513
Name of the Vulnerable Software and Affected Versions MajorDoMo versions affected versions not specified Description MajorDoMo contains a stored cross-site scripting XSS issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...
CVE-2026-22081 Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
PT-2026-2149
Name of the Vulnerable Software and Affected Versions Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router Description The routers are susceptible to a security issue stemming from the absence of the HTTPOnly flag on session cookies used with the web-based administrative interface. An...
CVE-2025-52614
CVE-2025-52614 affects HCL Unica Platform. The issue is a cookie without the HTTPOnly flag, enabling a malicious actor to induce the event by sending users crafted links, directly or via a site. Public sources provide the vulnerability description but do not specify affected versions, exploit det...
CVE-2025-52614 HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...
CVE-2025-57424
A stored cross-site scripting XSS vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...
UBUNTU-CVE-2025-26844
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...
Netgear WNR614 安全漏洞
The Netgear WNR614 is an N300 wireless router with external antenna from Netgear USA. The Netgear WNR614 suffers from a security vulnerability that stems from not properly setting the HTTPOnly flag of a cookie, which can be exploited by an attacker to intercept and access sensitive communications...
SUSE CVE-2011-2224
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2018-10692
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily...
UBUNTU-CVE-2018-1340
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...