Описание
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
A flaw was found where 3scale did not set the HTTPOnly attribute on the user session cookie. An attacker could abuse this flaw to conduct Cross-site Scripting attacks and gain access to unauthorized information.
Дополнительная информация
Статус:
4.6 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
4.6 Medium
CVSS3