
CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag) — Vulnerability Class 27

27 vulnerabilities classified as CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-0696 | Session Cookies Missing HttpOnly Attribute — PSA | 6.5 | Medium | 2026-01-16 |
| CVE-2026-22081 | Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers — 300Mbps Wireless Router F3 and N300 Easy Setup Router | 7.5 | - | 2026-01-09 |
| CVE-2025-12031 | HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute — BLU-IC2 | 5.3 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-42909 | Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances — SAP Cloud Appliance Library Appliances | 3.0 | Low | 2025-10-14 |
| CVE-2025-27453 | CVE-2025-27453 — Endress+Hauser MEAC300-FNADE4 | 5.3 | Medium | 2025-07-03 |
| CVE-2025-49189 | Cookie missing HttpOnly flag — SICK Media Server | 5.3 | Medium | 2025-06-12 |
| CVE-2025-47289 | Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag — PhoenixCart | 6.3 | Medium | 2025-06-02 |
| CVE-2025-24318 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag — Dario Application Database and Internet-based Server Infrastructure | 6.8 | Medium | 2025-02-28 |
| CVE-2025-0479 | Security Misconfiguration Vulnerability in CP Plus Router — CP-XR-DE21-S Router | 9.1 | - | 2025-01-20 |
| CVE-2022-43845 | IBM Aspera Console information disclosure — Aspera Console | 3.7 | Low | 2024-09-24 |
| CVE-2022-33167 | IBM Security Directory Integrator information disclosure — Security Directory Integrator | 3.7 | Low | 2024-07-30 |
| CVE-2024-41685 | Cookie Without HTTPOnly Flag Set Vulnerability — SyroTech SY-GPON-1110-WDONT router | 5.3 | - | 2024-07-26 |
| CVE-2024-6739 | Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag — MailGates | 5.3 | Medium | 2024-07-15 |
| CVE-2023-4217 | Session cookies attribute not set properly — PT-G503 Series | 3.1 | Low | 2023-11-02 |
| CVE-2023-4228 | ioLogik 4000 Series: Session Cookies Attribute Not Set Properly — ioLogik 4000 Series | 3.1 | Low | 2023-08-24 |
| CVE-2023-2876 | Session cookie exposure for client side script — REX640 PCL1 | 3.1 | Low | 2023-06-13 |
| CVE-2022-21939 | Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT) — System Configuration Tool (SCT) | 7.5 | High | 2023-02-09 |
| CVE-2019-25091 | nsupdate.info CSRF Cookie base.py cookie httponly flag — nsupdate.info | 3.7 | Low | 2022-12-27 |
| CVE-2022-4630 | Sensitive Cookie Without 'HttpOnly' Flag in lirantal/daloradius — lirantal/daloradius | 5.3 | - | 2022-12-21 |
| CVE-2022-25172 | InHand Networks InRouter302 Cross-Site Scripting Vulnerability — InRouter302 | 6.1 | - | 2022-05-12 |
| CVE-2021-42115 | Missing HTTPOnly flag on sensitive cookie in TopEase — TopEase | 8.1 | High | 2021-11-30 |
| CVE-2021-39210 | Autologin cookie accessible by scripts — glpi | 6.5 | Medium | 2021-09-15 |
| CVE-2021-3706 | Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte — pi-hole/adminlte | 7.5 | - | 2021-09-15 |
| CVE-2021-34563 | In WirelessHART-Gateway versions 3.0.8 and 3.0.9 the HttpOnly flag is missing in a cookie which allows client-side javascript to modify it — WHA-GW-F2D2-0-AS- Z2-ETH | 3.3 | Low | 2021-08-31 |
| CVE-2020-27658 | Synology Router Manager Security Vulnerability — Synology Router Manager (SRM) | 7.1 | High | 2020-10-29 |
| CVE-2020-6267 | SAP Disclosure Management Cross-Site Scripting Vulnerability — SAP Disclosure Management | 6.5 | - | 2020-07-14 |
| CVE-2019-8283 | Gemalto Admin Control Center Information Disclosure Vulnerability — Sentinel LDK RTE | 6.5 | - | 2019-06-07 |

Vulnerabilities classified as CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag) represent 27 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.