How severe is CVE-2019-25091?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-25091?

This is classified as CWE-1004, which is a common weakness in software security.

CVE-2019-25091 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2022-4630

MEDIUM

CVSS:5.3(Medium)

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.

CWE-10042022

CVE-2023-4217

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to securit...

CWE-10042023

CVE-2020-27658

MEDIUM

CVSS:6.1(Medium)

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensi...

CWE-10042020

CVE-2022-21939

MEDIUM

CVSS:6.1(Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

CWE-10042022

CVE-2023-2876

MEDIUM

CVSS:6.1(Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).T...

CWE-10042023

CVE-2024-6739

MEDIUM

CVSS:6.1(Medium)

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

CWE-10042024