
880 matches found

RedhatCVE
added 2025/07/05 12:4 p.m., 4 views

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVSS 5.3, AI score 6.4, EPSS 0.00253
Exploits 0, References 1
NVD
added 2025/07/03 12:15 p.m., 2 views

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVSS 6.5, EPSS 0.00253
Exploits 0, References 6
OSV
added 2025/07/03 12:15 p.m., 0 views

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVSS 6.5, AI score 5.8
Exploits 0, References 6
Cvelist
added 2025/07/03 11:29 a.m., 4 views

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVSS 5.3, EPSS 0.00253
Exploits 0, References 6
Vulnrichment
added 2025/07/03 11:29 a.m., 2 views

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...

CVSS 5.3, AI score 7.1, EPSS 0.00253
Exploits 0, References 6
CVE
added 2025/07/03 11:29 a.m., 12 views

CVE-2025-27453

CVE-2025-27453 affects Endress+Hauser MEAC300-FNADE4. The underlying issue is an HttpOnly flag misconfiguration on the PHPSESSION cookie, allowing access via JavaScript and enabling potential session hijacking. Public-facing documents consistently describe this as a vulnerability in the MEAC300-F...

CVSS 6.5, AI score 6.5, EPSS 0.00253
Exploits 0, References 6, Affected Software 1
Positive Technologies
added 2025/07/03 12:0 a.m., 1 views

PT-2025-27782

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the HttpOnly flag being set to false on the PHPSESSION cookie, allowing it to be accessed by other sources such as JavaScript. Recommendations: At the moment, there is no...

CVSS 6.5, AI score 5.9, EPSS 0.00253
Exploits 0, References 10
CNNVD
added 2025/07/03 12:0 a.m., 1 views

Endress+Hauser MEAC300-FNADE4 security vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the HttpOnly flag not being set, which can be exploited by an attacker to cause session...

CVSS 6.5, AI score 6.7, EPSS 0.00253
Exploits 0, References 6
RedhatCVE
added 2025/06/14 2:24 p.m., 2 views

CVE-2025-49189

The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...

CVSS 5.3, AI score 5.2, EPSS 0.00245
Exploits 0, References 1
NVD
added 2025/06/12 2:15 p.m., 4 views

CVE-2025-49189

The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...

CVSS 6.1, EPSS 0.00245
Exploits 0, References 6
OSV
added 2025/06/12 2:15 p.m., 0 views

CVE-2025-49189

The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...

CVSS 6.1, AI score 5.8
Exploits 0, References 6
Vulnrichment
added 2025/06/12 2:3 p.m., 4 views

CVE-2025-49189 Cookie missing HttpOnly flag

The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...

CVSS 5.3, AI score 6.8, EPSS 0.00245
Exploits 0, References 6
Cvelist
added 2025/06/12 2:3 p.m., 13 views

CVE-2025-49189 Cookie missing HttpOnly flag

The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies...

CVSS 5.3, EPSS 0.00245
Exploits 0, References 6
CVE
added 2025/06/12 2:3 p.m., 35 views

CVE-2025-49189

CVE-2025-49189 describes a flaw where the HttpOnly flag on the session cookie "@@" is set to false, enabling client-side access to cookies and increasing the risk of Cross-Site Scripting. The provided sources indicate a medium impact (CVSS 3.1 base ~6.1; confidentiality/integrity impacts low) wit...

CVSS 6.1, AI score 6.8, EPSS 0.00245
Exploits 0, References 6, Affected Software 1
Positive Technologies
added 2025/06/12 12:0 a.m., 3 views

PT-2025-25315

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the session cookie @@ with its HttpOnly flag set to false. This setting increases the risk of Cross-Site Scripting attacks targeting stored cookies, as it allows client-side...

CVSS 6.1, AI score 5.4, EPSS 0.00245
Exploits 0, References 10
CNNVD
added 2025/06/12 12:0 a.m., 1 views

SICK Field Analytics and SICK Media Server security vulnerability

SICK Field Analytics and SICK Media Server are both products of the German company SICK. SICK Field Analytics is software for evaluating manufacturing data. SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from session...

CVSS 6.1, AI score 5.9, EPSS 0.00245
Exploits 0, References 8
RedhatCVE
added 2025/06/04 5:14 p.m., 12 views

CVE-2024-8008

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

CVSS 5.2, AI score 5.2, EPSS 0.00079
Exploits 0, References 1
RedhatCVE
added 2025/06/04 5:14 p.m., 9 views

CVE-2024-3509

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

CVSS 4.3, AI score 5.8, EPSS 0.00081
Exploits 0, References 1
Cvelist
added 2025/06/02 4:48 p.m., 21 views

CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

CVSS 5.2, EPSS 0.00079
Exploits 0, References 1
Vulnrichment
added 2025/06/02 4:44 p.m., 10 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

CVSS 4.3, AI score 4.6, EPSS 0.00081
Exploits 0, References 1