HttpOnly flag not set for cookie on concrete5.org
Unknown
Vulnerability Details
Hi,
The HttpOnly flag is not set on concrete5.org, making it easy to steal the cookie when an XSS is present on the site.
See [HttpOnly on OWASP](https://www.owasp.org/index.php/HttpOnly) for more information.
Report Stats
- Report ID: 4792
- State: Closed
- Substate: resolved
- Upvotes: 9
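
A defender-side check for the issue reported above, as an added example that is not part of the original report or of concrete5's code: it parses `Set-Cookie` response headers, lists the cookies sent without `HttpOnly`, and shows the corrected header value. The header values and cookie names are constructed sample data, and the function names are hypothetical.

```python
# Added example: list cookies whose Set-Cookie header lacks HttpOnly.
# Header values and cookie names below are constructed sample data.

SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),                    # flag missing
    ("Set-Cookie", "prefs=lang%3Den; Path=/; Secure; HttpOnly"),   # flag set
    ("Set-Cookie", "tracker=1; Path=/; HTTPONLY; SameSite=Lax"),   # case-insensitive
    ("Set-Cookie", "note=HttpOnly; Path=/"),                       # value, not a flag
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    pair, *attr_parts = value.split(";")
    name = pair.partition("=")[0].strip()
    attrs = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        if key.strip():
            # Attribute names are matched case-insensitively by browsers.
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_httponly(headers):
    """Return names of cookies set without the HttpOnly attribute."""
    missing = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


def with_httponly(value):
    """Return the Set-Cookie value with HttpOnly appended if it is absent."""
    _, attrs = parse_set_cookie(value)
    return value if "httponly" in attrs else value.rstrip("; ") + "; HttpOnly"


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print("missing HttpOnly:", cookie)
```

Checking the parsed attribute list rather than searching the header for the substring `HttpOnly` avoids a false pass on a cookie whose value merely contains that word.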