Lucene search
K

194 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:49 a.m.10 views

CVE-2022-3251

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

7.5CVSS6.7AI score0.00508EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.6 views

The vulnerability of the software-hardware control and protection systems for SCADA systems, ABB REX640, arises from the use of a sensitive cookie without the “HttpOnly” flag. This allows attackers to perform cross-site scripting attacks.

The vulnerability of the software-hardware control and protection systems for SCADA systems in ABB REX640 is related to a sensitive cookie without the “HttpOnly” flag. Exploiting this vulnerability allows attackers to perform cross-site scripting XSS attacks...

6.4CVSS6.1AI score0.00292EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2024/09/25 1:15 a.m.3 views

CVE-2022-43845

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...

7.5CVSS5.6AI score
Exploits0References1
Veracode
Veracode
added 2024/08/28 8:32 p.m.5 views

Sensitive Cookie In HTTPS Session Without "Secure" Attribute

taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...

7.1AI score
Exploits0
OSV
OSV
added 2024/08/27 7:50 p.m.10 views

GHSA-R3JQ-4R5C-J9HP Taipy has a Session Cookie without Secure and HTTPOnly flags

Summary Session cookie is without Secure and HTTPOnly flags. Details Please take a look at this part of code PoC screenshot or check code directly provided in Occurrences section below Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsxL6...

6.5CVSS6.2AI score0.00246EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/02/09 9:22 p.m.15 views

CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...

3.9CVSS6.7AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/09 9:22 p.m.19 views

CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...

3.9CVSS4.5AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/01/09 11:15 p.m.14 views

CVE-2024-0349

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...

5.3CVSS4.6AI score0.00385EPSS
Exploits0References3
Prion
Prion
added 2024/01/09 11:15 p.m.23 views

Design/Logic Flaw

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...

2.6CVSS7AI score0.00385EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/01/09 10:31 p.m.39 views

CVE-2024-0349

Affected product: SourceCodester Engineers Online Portal 1.0. The issue is a missing secure attribute on sensitive cookies, enabling potential cookie leakage. A remote attacker could exploit this vulnerability, with attack complexity described as high and no user interaction required. Multiple so...

5.3CVSS5.3AI score0.00385EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.4 views

PT-2024-15485 · Sourcecodester · Sourcecodester Engineers Online Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A vulnerability was found in the software, affecting an unknown functionality. The manipulation leads to a sensitive cookie without a secure attribute. The attack can be launched...

5.3CVSS6.8AI score0.00385EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/11/30 12:0 a.m.21 views

Pi-hole Web Interface <= 5.5.1 Multiple Vulnerabilities

The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.9AI score0.01101EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2023/11/09 12:0 a.m.11 views

Moxa PT-G503 Series Sensitive Cookie Not Properly Secured (CVE-2023-4217)

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. This...

5.3CVSS5.6AI score0.00323EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/11/02 12:0 a.m.19 views

phpMyFAQ < 3.2.1 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

7.4CVSS6.9AI score0.00532EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2023/10/31 3:31 a.m.20 views

Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

6.3CVSS6.5AI score0.00287EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/10/31 1:15 a.m.16 views

Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

6.5CVSS5.6AI score0.00287EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/10/31 12:0 a.m.44 views

CVE-2023-5866

The CVE-2023-5866 entry concerns phpMyFAQ before 3.2.1 where cookies in HTTPS sessions lack the Secure attribute, enabling potential sensitive data exposure. Affected product: phpMyFAQ (thorsten/phpmyfaq) prior to 3.2.1. Root cause: missing Secure flag on cookies during HTTPS sessions. Impact: co...

6.3CVSS5.6AI score0.00287EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 12:0 a.m.11 views

CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...

6.3CVSS6.7AI score0.00287EPSS
Exploits1References2
CNVD
CNVD
added 2023/10/11 12:0 a.m.8 views

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-97700)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

5.3CVSS6AI score0.00407EPSS
Exploits0References1
OSV
OSV
added 2023/10/04 2:15 p.m.4 views

CVE-2022-43906

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...

5.3CVSS5.7AI score0.00407EPSS
Exploits0References2
Rows per page
Query Builder