CVE Vulnerabilities

CVE-2025-24318

Sensitive Cookie Without 'HttpOnly' Flag

Published: Feb 28, 2025 | Modified: Feb 28, 2025
CVSS 3.x: N/A (Source: NVD)

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

Weakness

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
