Description
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-27453
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.endress.com
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf
Related vulnerabilities
CVSS3: 5.3
nvd
7 months ago
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
CVSS3: 5.3
fstec
7 months ago
A vulnerability in the firmware of the MEAC300-FNADE4 industrial digital gas analyzer, related to the use of a cookie to store sensitive information without the HttpOnly flag, allowing an attacker to gain unauthorized access to protected information