CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

PT-2022-24868 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.7 Description: The issue arises when setting $secure or $httponly value to true in ConfigCookie is not reflected in set cookie or Response::setCookie, resulting in cookie values being erroneously exposed to...

Cookies generated by VPN Vserver lack Secure/SameSite/HttpOnly flags

Cookies generated by VPN Vserver lack Secure/SameSite/HttpOnly flags...

CVE-2022-22330

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...

Information disclosure

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...

CVE-2022-22330

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...

Linktree: XSS in SocialIcon Link

XSS in SocialIcon Link There was no validation of the url provided for the SocialIcon Link , which allowed to include javascript uri . As the cookies were marked as httponly , I couldn't steal them directly via the xss so instead I found an endpoint which was leaking the accessToken used for...

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32778

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32778

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

Information disclosure

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

Information disclosure

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32778

WWBN AVideo 11.6 and dev master commit 3f7c0364 are affected by information-disclosure cookies issues (CVE-2022-32777 and CVE-2022-32778) per TALOS-2022-1542. The session cookie lacks HttpOnly and Secure flags, allowing access via JavaScript and leakage over non-HTTPS. The pass cookie also lacks ...

CVE-2022-32778

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

CVE-2022-32777

CVE-2022-32777 affects WWBN AVideo 11.6 and dev-master (commit 3f7c0364). The vulnerability centers on cookie handling: session cookie lacks HttpOnly and Secure flags on some deployments, enabling JavaScript access and potential leakage over non-HTTPS. The related pass cookie is explicitly set wi...

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

PT-2022-21459 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: An information disclosure issue exists in the cookie functionality. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses th...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...