CWE-1275

Total CVEs
6
Vulnerabilities
Avg CVSS v3
6.1
Medium
Latest CVE
2025
Most Recent

Severity Distribution

Critical 1
16.7%
High 0
0%
Medium 4
66.7%
Low 1
16.7%

External References

MITRE CWE
Official CWE definition
NIST NVD
Search CVEs by CWE

All CVEs (6)

Page 1 of 1

CVE-2024-6611

CRITICAL
CVSS:9.8(Critical)

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CWE-12752024

CVE-2025-24387

MEDIUM
CVSS:6.5(Medium)

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious w...

CWE-12752025

CVE-2022-38386

MEDIUM
CVSS:5.9(Medium)

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow a...

CWE-12752022

CVE-2024-30155

MEDIUM
CVSS:5.5(Medium)

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

CWE-12752024

CVE-2024-42212

MEDIUM
CVSS:5.4(Medium)

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into mak...

CWE-12752024

CVE-2024-43173

LOW
CVSS:3.7(Low)

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

CWE-12752024