2 matches found
CVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
CVE-2021-3706
The CVE-2021-3706 entry affects Pi-hole’s AdminLTE-based web interface. Affected component: the adminlte/persistentlogin cookie is set without the HttpOnly flag, making the cookie accessible to JavaScript and susceptible to theft via XSS. The OpenVAS PoC documents show a login flow where the pers...