PT-2024-37835 · Openfind · Openfind Mailgates +1

Name of the Vulnerable Software and Affected Versions: Openfind MailGates and MailAudit affected versions not specified Description: The issue concerns the session cookie in MailGates and MailAudit, which does not have the HttpOnly flag enabled. This allows remote attackers to potentially steal t...

Unspecified Vulnerability in NETGEAR WNR614

The Netgear WNR614 is an N300 wireless router with external antenna from Netgear USA. The Netgear WNR614 suffers from a security vulnerability that stems from not properly setting the HTTPOnly flag of a cookie, which can be exploited by an attacker to intercept and access sensitive communications...

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

openSUSE Security Advisory (SUSE-SU-2024:0076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-4639

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

Cross site scripting

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

React Dashboard Security Vulnerability

React Dashboard is a template. A security vulnerability exists in React Dashboard version 1.4.0, which stems from unset httpOnly and is vulnerable to cross-site scripting attacks...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

SUSE-SU-2024:0076-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Fixed HttpOnly secure flag by default bsc1216508. - Fixed CSRF in errorscontroller.rb protection bsc1216571. Update to version 2.6.4+git.1702030539.5fb7d91b: - Fix mime type issue in MS windows bsc1215438 - Parametrize CORS...

PT-2024-40976 · Microsoft · Ms Windows

Name of the Vulnerable Software and Affected Versions: hawk2 versions prior to 2.6.4+git.1702030539.5fb7d91b Description: The issue concerns the hawk2 software, where several problems have been fixed, including the setting of the HttpOnly secure flag by default and the protection against CSRF in...

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

CVE-2023-44760

Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...

Go Fiber CSRF Token Validation Vulnerability

A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and...