194 matches found
CVE-2022-3251
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...
The vulnerability of the software-hardware control and protection systems for SCADA systems, ABB REX640, arises from the use of a sensitive cookie without the “HttpOnly” flag. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the software-hardware control and protection systems for SCADA systems in ABB REX640 is related to a sensitive cookie without the “HttpOnly” flag. Exploiting this vulnerability allows attackers to perform cross-site scripting XSS attacks...
CVE-2022-43845
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
Sensitive Cookie In HTTPS Session Without "Secure" Attribute
taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...
GHSA-R3JQ-4R5C-J9HP Taipy has a Session Cookie without Secure and HTTPOnly flags
Summary Session cookie is without Secure and HTTPOnly flags. Details Please take a look at this part of code PoC screenshot or check code directly provided in Occurrences section below Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsxL6...
CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
CVE-2024-0349
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...
Design/Logic Flaw
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...
CVE-2024-0349
Affected product: SourceCodester Engineers Online Portal 1.0. The issue is a missing secure attribute on sensitive cookies, enabling potential cookie leakage. A remote attacker could exploit this vulnerability, with attack complexity described as high and no user interaction required. Multiple so...
PT-2024-15485 · Sourcecodester · Sourcecodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A vulnerability was found in the software, affecting an unknown functionality. The manipulation leads to a sensitive cookie without a secure attribute. The attack can be launched...
Pi-hole Web Interface <= 5.5.1 Multiple Vulnerabilities
The Pi-hole Web Interface previously AdminLTE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Moxa PT-G503 Series Sensitive Cookie Not Properly Secured (CVE-2023-4217)
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. This...
phpMyFAQ < 3.2.1 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
CVE-2023-5866
The CVE-2023-5866 entry concerns phpMyFAQ before 3.2.1 where cookies in HTTPS sessions lack the Secure attribute, enabling potential sensitive data exposure. Affected product: phpMyFAQ (thorsten/phpmyfaq) prior to 3.2.1. Root cause: missing Secure flag on cookies during HTTPS sessions. Impact: co...
CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-97700)
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...
CVE-2022-43906
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...