4 matches found
Sensitive Cookie Without "HttpOnly" Flag
Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...
CVE-2025-12031
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031
The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...