The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NSick Media Server
APPSick< 1.5
Powiązane podatności
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...
Files in the source code contain login credentials for the admin user and the property configuration password,...
The application fails to implement several security headers. These headers help increase the overall security ...