CVE-2023-4217

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-1004
View all →

Vulnerability Description

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Related Vulnerabilities

CVE-2019-25091

MEDIUM
CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation...

CWE-10042019

CVE-2022-4630

MEDIUM
CVSS:5.3(Medium)

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.

CWE-10042022

CVE-2020-27658

MEDIUM
CVSS:6.1(Medium)

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensi...

CWE-10042020

CVE-2022-21939

MEDIUM
CVSS:6.1(Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

CWE-10042022

CVE-2023-2876

MEDIUM
CVSS:6.1(Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).T...

CWE-10042023

CVE-2024-6739

MEDIUM
CVSS:6.1(Medium)

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

CWE-10042024