Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript, such as cookies protected by HTTPOnly. To mitiga...
Theonedev Onedev cross-site scripting vulnerability
Theonedev Onedev is a Java-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A cross-site scripting...
PT-2022-15369 · Ibm · Ibm Control Desk
Name of the Vulnerable Software and Affected Versions: IBM Control Desk version 7.6.1 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. Recommendations: For IBM Control Desk version 7.6.1, set the...
CVE-2022-22330
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
CVE-2021-38879
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
PT-2022-10794 · Ibm · Ibm Jazz Team Server
Name of the Vulnerable Software and Affected Versions: IBM Jazz Team Server versions 6.0.6 through 7.0.2 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to...
PT-2022-9184 · Ibm · Ibm Jazz Team Server
Name of the Vulnerable Software and Affected Versions: IBM Jazz Team Server versions 6.0.6 through 7.0.2 Description: The issue is caused by the failure to set the HTTPOnly flag, allowing a remote attacker to obtain sensitive information from the cookie. A remote attacker could exploit this to...
CVE-2022-25151
Within the Service Desk module of the ITarian platform SAAS and on-premise, a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerabilit...
CVE-2022-25151 ITarian - Session cookie not protected by HttpOnly flag
Within the Service Desk module of the ITarian platform SAAS and on-premise, a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerabilit...
PT-2022-17103 · Itarian · Itarian
Name of the Vulnerable Software and Affected Versions: ITarian platform SAAS and on-premise affected versions not specified Description: A remote attacker can obtain sensitive information due to the failure to set the HTTP Only flag within the Service Desk module. This issue can be exploited in...
CVE-2022-25151
CVE-2022-25151 affects ITarian Platform – Service Desk (SaaS and on‑premise). Root cause: cookies not marked HttpOnly, enabling sensitive data exposure. Exploitation requires combination with a user XSS to access the management interface. In the published advisories, SaaS patches were released up...
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 unit stations involves the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookie files. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules is related to the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookies files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...
PT-2022-2718 · Siemens · Desigo Pxc4 +3
Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: The issue is related to the applicati...
HCL BigFix Platform security vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from a cookie...
PT-2022-9852 · Hcl +1 · Hcl Bigfix Webui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a cookie without the HTTPONLY flag set. It is mentioned that NUMBER cookies were set without Secure or HTTPOnly flags. The images show...
ADC Vulnerability: pwcount Cookie Missing HTTP Only Flag
Customer is failing PCI scan because the ADC Gateway server pwcount cookie is not showing with HTTP only flag set...
CVE-2021-26474
Various Vembu products allow an attacker to execute a non-blind http-only Cross Site Request Forgery. Other products or versions of products in this family may be affected too...