
151 matches found

OSV
added 2021/06/08 7:15 p.m., 5 views

CVE-2021-26474

Various Vembu products allow an attacker to execute a non-blind, HTTP-only Cross-Site Request Forgery. Other products or versions of products in this family may be affected too...

CVSS 8.8, AI score 5.8, EPSS 0.00707
Exploits: 0, References: 4
OSV
added 2021/01/04 3:15 a.m., 3 views

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...

CVSS 4.8, AI score 5.8, EPSS 0.00512
Exploits: 1, References: 2
OSV
added 2020/10/29 9:15 a.m., 2 views

CVE-2020-27658

Synology Router Manager SRM before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

CVSS 6.1, AI score 6.9
Exploits: 0, References: 2
RedHat Linux
added 2020/10/01 11:38 a.m., 5 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that the Hawtio console does not set the HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

CVSS 7.5, AI score 5.8, EPSS 0.02204
Exploits: 0, References: 4
OSV
added 2020/07/14 1:15 p.m., 1 view

CVE-2020-6267

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing the HttpOnly flag, leaving sensitive cookies readable by script...

CVSS 5.4, AI score 6.4, EPSS 0.00785
Exploits: 0, References: 2
OSV
added 2020/04/02 8:15 p.m., 3 views

CVE-2019-19003

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-Site Scripting...

CVSS 6.1, AI score 6.4
Exploits: 0, References: 1
Cvelist
added 2020/02/04 7:08 p.m., 18 views

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

AI score 6.4, EPSS 0.07055
Exploits: 1, References: 2
RedHat Linux
added 2020/01/23 4:30 a.m., 4 views

jenkins: Diagnostic web page exposed Cookie HTTP header

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 5.4, AI score 5.9, EPSS 0.65753
Exploits: 0, References: 4
OSV
added 2019/12/12 2:15 p.m., 5 views

CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, which did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross-site scripting attacks and gain access to unauthorized information...

CVSS 5.4, AI score 5.3, EPSS 0.00528
Exploits: 0, References: 1
CNVD
added 2019/12/11 12:00 a.m., 3 views

Red Hat 3scale Cross-Site Scripting Vulnerability

Red Hat 3scale is a suite of API (Application Programming Interface) lifecycle management software from Red Hat. A cross-site scripting vulnerability exists in Red Hat 3scale, which stems from a user session cookie that fails to set HTTPOnly, and can be exploited by an attacker to conduct cross-sit...

CVSS 5.4, AI score 6.3, EPSS 0.00528
Exploits: 0, References: 1
CNVD
added 2019/11/20 12:00 a.m., 4 views

Centreon VM Memory Corruption Vulnerability

Centreon (Merethis Centreon) is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring capabilities for network, system and application resources. Centreon VM is the virtual machine version of Centreon. A security vulnerability exists i...

CVSS 7.5, AI score 6.7, EPSS 0.01944
Exploits: 0, References: 1
OSV
added 2019/06/07 3:29 p.m., 3 views

CVE-2019-8283

The Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have the 'HttpOnly' flag. This allows malicious JavaScript to steal it...

CVSS 6.5, AI score 6.6, EPSS 0.01187
Exploits: 0, References: 1
Friends Of PHP
added 2019/02/12 12:00 p.m., 11 views

Retrieval of HTTP-only cookies

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

AI score 7.2
Exploits: 0, Affected Software: 1
RedHat Linux
added 2018/10/01 7:42 p.m., 3 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that the Hawtio console does not set the HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

CVSS 7.5, AI score 5.8, EPSS 0.02204
Exploits: 0, References: 4
CNVD
added 2018/01/25 12:00 a.m., 4 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-02232)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions prior to Mozilla Firefox 58. The vulnerability can be exploited by an attacker to access cookie values when an existing cookie is set to HttpOnly...

CVSS 5.3, AI score 8.7, EPSS 0.01578
Exploits: 0, References: 1
OSV
added 2018/01/23 12:00 a.m., 2 views

UBUNTU-CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

CVSS 5.3, AI score 6.8, EPSS 0.01578
Exploits: 0, References: 4
OSV
added 2017/10/18 3:29 p.m., 4 views

DEBIAN-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5, AI score 7.9, EPSS 0.05434
Exploits: 0, References: 1
OSV
added 2017/10/18 3:29 p.m., 7 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5, AI score 7.9, EPSS 0.05434
Exploits: 0, References: 14
OSV
added 2017/04/20 5:59 p.m., 5 views

CVE-2016-5409

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVSS 7.5, AI score 5.8, EPSS 0.01309
Exploits: 0, References: 2
OSV
added 2016/04/22 12:59 a.m., 4 views

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

CVSS 4.3, AI score 5.8, EPSS 0.01065
Exploits: 0, References: 1
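Most of the records above describe the same defect: a session cookie issued in a Set-Cookie header without the HttpOnly attribute (and often without Secure), so any script running in the origin can read it. The Jenkins entry shows the complementary failure: the cookie was HttpOnly, but the server printed the request's Cookie header into a page that script could fetch, which defeats the attribute. The Python script below is an added example, not code from any of the listed products or advisories. It audits a constructed list of response headers for missing HttpOnly, Secure and SameSite attributes, flags cookies whose names look session-related, and checks whether a response body reflects the values sent in the request's Cookie header. All cookie names, values and the sample body are made up for the demonstration.

```python
import re

# Cookie names that usually carry a session or authentication token.
# Heuristic only; the names are drawn from common conventions (constructed list).
SESSION_NAME_HINT = re.compile(r"(sess|sid|token|auth|gearid)", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased so HttpOnly / httponly / HTTPOnly compare equal;
    valueless attributes such as Secure map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(headers):
    """Return one finding per Set-Cookie header that lacks a protective attribute.

    headers: list of (header_name, header_value) tuples as received on the wire.
    Each finding records the cookie name, the attributes it is missing, and
    whether the name looks like a session cookie (the high-impact case).
    """
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(header_value)
        missing = [attr for attr, key in (("HttpOnly", "httponly"),
                                          ("Secure", "secure"),
                                          ("SameSite", "samesite"))
                   if key not in attrs]
        if missing:
            findings.append({
                "cookie": name,
                "missing": missing,
                "session_like": bool(SESSION_NAME_HINT.search(name)),
            })
    return findings


def reflected_cookie_values(request_cookie_header, response_body):
    """Names of request cookies whose values appear verbatim in the response body.

    This is the condition HttpOnly cannot protect against: if a diagnostic page
    echoes the raw Cookie header, script that can fetch that page reads the value.
    """
    leaked = []
    for pair in request_cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if value and value in response_body:
            leaked.append(name)
    return leaked


# Constructed sample data (not captured from any real product).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),                           # no protective attributes
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000"),               # low value, still reported
    ("Set-Cookie", "auth=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax"),  # hardened form
]
SAMPLE_REQUEST_COOKIE = "SESSIONID=abc123; theme=dark"
SAMPLE_BODY = "<html><body>Your cookies: SESSIONID=abc123; theme=dark</body></html>"

if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE_HEADERS):
        tag = "SESSION" if finding["session_like"] else "other"
        print(f"[{tag}] {finding['cookie']}: missing {', '.join(finding['missing'])}")
    leaked = reflected_cookie_values(SAMPLE_REQUEST_COOKIE, SAMPLE_BODY)
    print("cookie values echoed in response body:", leaked or "none")
```

Run the script against real headers by feeding `audit_set_cookie` the raw `(name, value)` pairs from a captured response; each Set-Cookie header must be passed separately rather than folded into one comma-joined line, because cookie values may themselves contain commas. The reflection check is deliberately crude (substring match) and will report long random values only; a single short value such as `dark` can match unrelated text, so treat its output as a lead to confirm, not a finding by itself.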