194 matches found
CVE-2022-43906 IBM Security Guardium information disclosure
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...
Security Bulletin: IBM Security Guardium has a missing or insecure SameSite attribute for a sensitive cookie (CVE-2022-43906)
Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2022-43906 DESCRIPTION: IBM Security Guardium could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. CVSS Base score: 3.1 CVSS...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4654
The CVE-2023-4654 issue affects instantsoft/icms2 prior to 2.16.1, where an HTTPS session cookie is marked without the Secure attribute. Multiple sources (NVD entry, Red Hat advisory) corroborate this description. The root cause is the missing Secure flag on a session cookie, enabling potential c...
PT-2023-30070 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository instantsoft/icms2. Recommendations: For...
Moxa AWK-3121 Sensitive Cookie Without Httponly Flag (CVE-2018-10692)
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie Password508 does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. This plugin only works with Tenable.ot. Please visit...
CVE-2023-3520
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
CVE-2023-3520 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
CVE-2023-3520
The CVE-2023-3520 entry describes a vulnerability in OpenITCOCKPIT (GitHub repo it-novum/openitcockpit) prior to version 4.6.6 where HTTPS session cookies lack the Secure attribute. This could expose sensitive cookie data in transit. Affected component: session cookies handling in OpenITCOCKPIT; ...
Cross site scripting
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...
CVE-2023-2876 Session cookie exposure for client side script
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...
CVE-2023-2876 Session cookie exposure for client side script
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...
CVE-2023-2876
CVE-2023-2876 affects ABB REX640 PCL1, PCL2 and PCL3 firmware modules. Root cause: cookies set without HttpOnly enable, enabling cross-site scripting (XSS). Affected versions: PCL1 1.0.0–1.0.7; PCL2 1.0.0–1.1.3; PCL3 1.0.0–1.2.0. Impact: Web/OT interfaces may allow cookie exposure and script-base...
PT-2023-9781 · Abb · Abb Rex640 Pcl3 +2
Name of the Vulnerable Software and Affected Versions: ABB REX640 PCL1 versions 1.0;0 through 1.0.7 ABB REX640 PCL2 versions 1.0;0 through 1.1.3 ABB REX640 PCL3 versions 1.0;0 through 1.2.0 Description: The issue is related to a Sensitive Cookie without the 'HttpOnly' flag, which allows an attack...
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit
Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Date: 01.11.2023 Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...