Lucene search
K

51 matches found

OSV
OSV
added 2023/04/18 9:15 p.m.1 views

UBUNTU-CVE-2023-26049

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...

5.3CVSS6.6AI score0.013EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/04/18 8:35 p.m.28 views

CVE-2023-26049 Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...

2.4CVSS5.8AI score0.013EPSS
Exploits0References8
OSV
OSV
added 2021/08/31 11:15 a.m.4 views

CVE-2021-34563

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript...

3.3CVSS6.3AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.42 views

openSUSE 15 Security Update : ceph (openSUSE-SU-2021:1834-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1834-1 advisory. - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from...

6.5CVSS6.1AI score0.02449EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2021/06/15 5:17 p.m.4 views

ceph-dashboard: Cross-site scripting via token Cookie

A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threa...

6.1CVSS5.8AI score0.017EPSS
Exploits1References4
NVD
NVD
added 2021/05/27 12:15 a.m.27 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS0.017EPSS
Exploits1References5
OSV
OSV
added 2021/05/27 12:15 a.m.34 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS5.4AI score
Exploits0References5
OSV
OSV
added 2021/05/27 12:15 a.m.1 views

DEBIAN-CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.6AI score0.017EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/05/27 12:15 a.m.33 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.7AI score0.017EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2021/05/26 11:56 p.m.34 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.2AI score0.017EPSS
Exploits1
Cvelist
Cvelist
added 2021/05/26 11:56 p.m.27 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.2AI score0.017EPSS
Exploits1References5
CVE
CVE
added 2021/05/26 11:56 p.m.276 views

CVE-2021-3509

Affects Red Hat Ceph Storage 4 dashboard (ceph-dashboard). The root cause is storage of the JWT for user authentication in the browser (localStorage), which exposes tokens to XSS risks. This is described in connected advisories for Ceph-derived distributions (Astral/Linux security bulletins and M...

6.1CVSS5.8AI score0.017EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2021/05/26 11:56 p.m.63 views

CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

6.1CVSS6.1AI score0.017EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/05/19 12:25 a.m.62 views

CVE-2021-3509

A flaw was found in the Red Hat Ceph Storage Dashboard. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threa...

8.1CVSS0.8AI score0.02449EPSS
Exploits1References3
Citrix
Citrix
added 2021/03/19 12:0 a.m.20 views

How to Force Secure and HttpOnly Cookie Options for Websites Using NetScaler Appliance

The web administrators may forceSecure and/orHttpOnly flags on the Session ID and the authentication cookies that are generated by the web applications. Modifying Set-Cookie headers to include these two options can be done using an http Load Balancing Virtual Server and Rewrite Policies on a...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/07 12:0 a.m.45 views

phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...

9.8CVSS6.8AI score0.02542EPSS
Exploits0References34
Prion
Prion
added 2020/02/07 3:15 p.m.24 views

Information disclosure

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

3.5CVSS7AI score0.01017EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.3 views

PT-2019-11799 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue allows attackers to obtain the HTTP session cookie, despite it being marked HttpOnly, by exploiting another XSS vulnerability and accessing the /whoAm...

5.4CVSS4.7AI score0.65753EPSS
Exploits0References7
Hacker One
Hacker One
added 2019/04/10 1:57 p.m.49 views

Grammarly: Account takeover through the combination of cookie manipulation and XSS

Summary: A cookie based XSS on www.grammarly.com exists due to reflection of a cookie called gnarcontainerId in DOM without any sanitization. Normally, gnarcontainerId is being set by the server however a vulnerable endpoint at gnar.grammarly.com called "/cookies" allows us to manipulate cookies...

Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

5.3CVSS7.2AI score0.01578EPSS
Exploits0References5
Rows per page
Query Builder