Lucene search
K

194 matches found

Cvelist
Cvelist
added 2023/10/04 1:50 p.m.36 views

CVE-2022-43906 IBM Security Guardium information disclosure

IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897...

3.1CVSS5.1AI score0.00407EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/22 8:43 p.m.24 views

Security Bulletin: IBM Security Guardium has a missing or insecure SameSite attribute for a sensitive cookie (CVE-2022-43906)

Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2022-43906 DESCRIPTION: IBM Security Guardium could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. CVSS Base score: 3.1 CVSS...

5.3CVSS4.2AI score0.00407EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/08/31 1:15 a.m.16 views

Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...

2.1CVSS4AI score0.00289EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 12:0 a.m.10 views

CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...

2.6CVSS6.8AI score0.00289EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/31 12:0 a.m.25 views

CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...

2.6CVSS4.3AI score0.00289EPSS
Exploits1References2
OSV
OSV
added 2023/08/31 12:0 a.m.18 views

CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...

2.6CVSS4.1AI score0.00289EPSS
Exploits1References4
CVE
CVE
added 2023/08/31 12:0 a.m.42 views

CVE-2023-4654

The CVE-2023-4654 issue affects instantsoft/icms2 prior to 2.16.1, where an HTTPS session cookie is marked without the Secure attribute. Multiple sources (NVD entry, Red Hat advisory) corroborate this description. The root cause is the missing Secure flag on a session cookie, enabling potential c...

3.5CVSS3.8AI score0.00289EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.7 views

PT-2023-30070 · Unknown · Instantsoft/Icms2

Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository instantsoft/icms2. Recommendations: For...

3.5CVSS3.6AI score0.00289EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.10 views

Moxa AWK-3121 Sensitive Cookie Without Httponly Flag (CVE-2018-10692)

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie Password508 does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. This plugin only works with Tenable.ot. Please visit...

6.1CVSS6.7AI score0.01284EPSS
Exploits1References5
NVD
NVD
added 2023/07/06 1:15 a.m.34 views

CVE-2023-3520

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...

4.6CVSS4.6AI score0.00302EPSS
Exploits1References2
Prion
Prion
added 2023/07/06 1:15 a.m.16 views

Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...

4CVSS4.7AI score0.00302EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/07/06 12:0 a.m.33 views

CVE-2023-3520 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...

4.3CVSS5AI score0.00302EPSS
Exploits1References2
CVE
CVE
added 2023/07/06 12:0 a.m.40 views

CVE-2023-3520

The CVE-2023-3520 entry describes a vulnerability in OpenITCOCKPIT (GitHub repo it-novum/openitcockpit) prior to version 4.6.6 where HTTPS session cookies lack the Secure attribute. This could expose sensitive cookie data in transit. Affected component: session cookies handling in OpenITCOCKPIT; ...

4.6CVSS4.6AI score0.00302EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/06/13 4:15 a.m.23 views

Cross site scripting

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

5.8CVSS6AI score0.00292EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2023/06/13 3:52 a.m.36 views

CVE-2023-2876 Session cookie exposure for client side script

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

3.1CVSS6.2AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/13 3:52 a.m.11 views

CVE-2023-2876 Session cookie exposure for client side script

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

3.1CVSS6.1AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2023/06/13 3:52 a.m.60 views

CVE-2023-2876

CVE-2023-2876 affects ABB REX640 PCL1, PCL2 and PCL3 firmware modules. Root cause: cookies set without HttpOnly enable, enabling cross-site scripting (XSS). Affected versions: PCL1 1.0.0–1.0.7; PCL2 1.0.0–1.1.3; PCL3 1.0.0–1.2.0. Impact: Web/OT interfaces may allow cookie exposure and script-base...

6.1CVSS4.9AI score0.00292EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.6 views

PT-2023-9781 · Abb · Abb Rex640 Pcl3 +2

Name of the Vulnerable Software and Affected Versions: ABB REX640 PCL1 versions 1.0;0 through 1.0.7 ABB REX640 PCL2 versions 1.0;0 through 1.1.3 ABB REX640 PCL3 versions 1.0;0 through 1.2.0 Description: The issue is related to a Sensitive Cookie without the 'HttpOnly' flag, which allows an attack...

6.4CVSS5.9AI score0.00292EPSS
Exploits0References4
0day.today
0day.today
added 2023/04/03 12:0 a.m.225 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.171 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Date: 01.11.2023 Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

7.4AI score
Exploits0
Rows per page
Query Builder