CVE-2025-24318

CVSS v3 Score
6.8
Medium

Vulnerability Description

The cookie policy applied to the session can be observed with built-in browser developer tools. In the presence of an XSS vulnerability, this could lead to full session compromise.

Related Vulnerabilities

CVSS: 6.5 (Medium)

The Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have the 'HttpOnly' flag. This allows malicious JavaScript to steal it.

CVSS: 6.5 (Medium)

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the autologin cookie (set when a user uses the "remember me" feature) is accessible by scripts...

CVSS: 6.3 (Medium)

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing the HttpOnly flag, so client-side script can read them.

CVSS: 7.4 (High)

adminlte sets a sensitive cookie without the 'HttpOnly' flag.

CVSS: 6.1 (Medium)

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HttpOnly flag in the Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensi...

CVSS: 6.1 (Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow client-side script to access the cookie.
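Every entry above, including CVE-2025-24318, comes down to the same check: is a session-bearing cookie delivered with the HttpOnly attribute, and if not, what does an injected script see? The following is an added example, not code from any of the listed vendors or advisories. It parses Set-Cookie header values, reports session cookies missing HttpOnly (and, as the usual companions, Secure and SameSite), simulates what document.cookie would expose to an XSS payload, and shows the hardened header. The sensitive-name pattern, the function names and the sample headers are constructed for the demo, not taken from any product.

```javascript
// Added example: audit Set-Cookie headers for a sensitive cookie sent
// without HttpOnly (CWE-1004), and show what an XSS payload can read.
// Run stand-alone with: node cookie_audit.js

// Assumption for the demo: cookie names that look session-bearing.
const SENSITIVE_NAME = /session|sess|auth|token|jwt|remember|hasplm/i;

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lowercased; flag attributes (Secure, HttpOnly) become true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';');
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq).trim();
  const value = pair.slice(eq + 1).trim();
  const attrs = {};
  for (const part of rest) {
    const [k, ...v] = part.trim().split('=');
    if (k) attrs[k.toLowerCase()] = v.length ? v.join('=') : true;
  }
  return { name, value, attrs };
}

// Report weaknesses on session-bearing cookies in a list of Set-Cookie values.
function auditSetCookies(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!SENSITIVE_NAME.test(c.name)) continue;
    if (!c.attrs.httponly) findings.push({ cookie: c.name, issue: 'missing HttpOnly' });
    if (!c.attrs.secure) findings.push({ cookie: c.name, issue: 'missing Secure' });
    const ss = String(c.attrs.samesite || '').toLowerCase();
    if (ss !== 'lax' && ss !== 'strict') {
      findings.push({ cookie: c.name, issue: 'SameSite not Lax/Strict' });
    }
  }
  return findings;
}

// Simulate document.cookie as seen by page script (e.g. an XSS payload):
// browsers expose only cookies that lack HttpOnly, as "name=value" pairs.
function visibleToScript(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Hardened Set-Cookie value for a session cookie.
function sessionSetCookie(name, value, { maxAge = 3600 } = {}) {
  return `${name}=${value}; Path=/; Max-Age=${maxAge}; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample responses (not captured from any real product).
const VULNERABLE = [
  'hasplm=a1b2c3d4; Path=/',   // session cookie readable by any script on the page
  'theme=dark; Path=/',        // not sensitive, fine without HttpOnly
];
const FIXED = [
  sessionSetCookie('hasplm', 'a1b2c3d4'),
  'theme=dark; Path=/',
];

console.log('vulnerable findings:', auditSetCookies(VULNERABLE));
console.log('XSS payload sees   :', JSON.stringify(visibleToScript(VULNERABLE)));
console.log('fixed findings     :', auditSetCookies(FIXED));
console.log('XSS payload sees   :', JSON.stringify(visibleToScript(FIXED)));
```

The same information is what the "built-in browser tools" in the description expose: the HttpOnly and Secure columns in the browser's cookie inspector show the policy for every cookie the site sets. One caveat for triage: HttpOnly only prevents script from reading the cookie value, so an XSS payload can still drive authenticated requests from the victim's browser while the page is open. It blocks exfiltration and offline reuse of the session, which is what turns an XSS into the "full session compromise" the advisory describes, but it is defense in depth, not a fix for the XSS itself.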