Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/29 7:29 p.m.5 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via missing HttpOnly and Secure attributes on the pinpointJwt session cookie. An attacker can access session tokens by exploiting stored or reflected cross-site scripting to exfiltrate the cookie...

7.6CVSS5.9AI score0.00126EPSS
Exploits0References2
NVD
NVD
added 2025/10/21 6:15 p.m.13 views

CVE-2025-12031

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

5.3CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/21 5:22 p.m.8 views

CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

5.3CVSS0.0019EPSS
Exploits0References1
CVE
CVE
added 2025/10/21 5:22 p.m.18 views

CVE-2025-12031

The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...

5.3CVSS6.6AI score0.0019EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder