4 matches found
InHand Networks InRouter302 web interface session cookie information disclosure vulnerability
Summary: An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie lacks the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker who is able to perform an XSS attack to steal t...
GitHub Security Lab: [JavaScript]: CWE-1004: Sensitive cookie without HttpOnly
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [GO] CWE-1004: Sensitive cookie without HttpOnly
This bug was reported directly to GitHub Security Lab...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086: Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability. October 30, 2020. CVE Number: CVE-2020-27658. Summary: An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...