Lucene search
K

154 matches found

CNNVD
CNNVD
added 2024/07/30 12:0 a.m.5 views

IBM Security Directory Integrator和IBM Security Verify Directory 安全漏洞

IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines IBM.IBM Security Verify Directory is part of an authentication and access management solution.IBM Security Directory Integrator is an integrated development environment and...

7.5CVSS6.5AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2024/07/26 12:15 p.m.3 views

CVE-2024-41685

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

7.5CVSS5.8AI score0.00497EPSS
Exploits0References2
OSV
OSV
added 2024/06/07 3:15 p.m.3 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

4.8CVSS5.8AI score0.0027EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.4 views

PT-2024-4345 · NetGear · Netgear Wnr614

Name of the Vulnerable Software and Affected Versions: Netgear WNR614 JNR1010V2 N300-V1.1.0.54 1.0.1 Description: The issue is related to the improper setting of the HTTPOnly flag for cookies, allowing attackers to possibly intercept and access sensitive communications between the router and...

7.5CVSS7.1AI score0.0027EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2024/05/20 4:51 p.m.15 views

Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they manag...

6.4AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/20 4:51 p.m.8 views

GHSA-F5PP-PMQ8-GP46 Passbolt Api Retrieval of HTTP-only cookies

Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are properly set HTTP-only to prevent an attacker from retrieving the content of those cookies if they manag...

3.7CVSS6.4AI score
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older...

6.1CVSS6.3AI score0.07055EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2023/07/05 9:36 p.m.49 views

@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state

Impact All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be...

8.8CVSS6.8AI score0.00679EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/07/04 5:15 p.m.18 views

CVE-2023-31999

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to...

8.8CVSS7.1AI score
Exploits0References3
Cvelist
Cvelist
added 2023/07/04 4:29 p.m.30 views

CVE-2023-31999

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to...

8.9AI score0.00679EPSS
Exploits1References3
OSV
OSV
added 2023/06/13 4:15 a.m.4 views

CVE-2023-2876

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

6.1CVSS5.8AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 2023/04/28 3:30 p.m.28 views

GHSA-F55R-8RCV-MQCF Concrete CMS missing secure cookie parameters

Concrete CMS previously concrete5 before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies...

5.3CVSS5.3AI score0.00591EPSS
Exploits0References7
NVD
NVD
added 2023/04/28 2:15 p.m.23 views

CVE-2023-28472

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

5.3CVSS5.4AI score0.00591EPSS
Exploits0References3
Prion
Prion
added 2023/04/28 2:15 p.m.17 views

Code injection

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

5CVSS5.3AI score0.00591EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/04/28 12:0 a.m.22 views

CVE-2023-28472

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

5.6AI score0.00591EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.4 views

PT-2023-21742 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 8.5.12 and below Concrete CMS previously concrete5 versions 9.0 through 9.1.3 Description: The issue is related to the ccmPoll cookies in Concrete CMS, where the Secure and HTTP only attributes are n...

5.3CVSS5AI score0.00591EPSS
Exploits0References14
Huntr
Huntr
added 2023/02/16 5:57 p.m.11 views

Folder in webmail mailbox is vulnerable to Cross-Site Scripting (Reflective)

Issue Description • Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause...

0.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS8.5AI score0.0156EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.5 views

SUSE CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

5.3CVSS8.4AI score0.01578EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.4 views

SUSE CVE-2022-1655

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...

6.5CVSS6.8AI score0.00471EPSS
Exploits0References3
Rows per page
Query Builder