Description
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies.
References
EPSS
Percentile: 19%
0.0006
Low
5.3 Medium
CVSS3
Weaknesses
CWE-1004
Related vulnerabilities
CVSS3: 5.3
github
8 months ago
The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Site Scripting attacks which target the stored cookies.