2 matches found
CVE-2021-40649
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the HttpOnly flag set...
CVE-2021-40649
In Connx 6.2.0.1269 (20210623), the application can issue a cookie that is not marked HttpOnly. This creates a potential exposure where the cookie could be accessed by client-side scripts, aligning with a CVSS base of 6.4 (NVD) / 6.5 (CVSS3.1) and a MEDIUM severity: network attack vector, low att...