Missing HTTPOnly Flag in Hotspot Express hotEx Billing Manager 73 Set-Cookie Header Vulnerability

CVE-2015-3319 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
