Vulnerability Type
Sensitive Cookie Without 'HttpOnly' Flag
(CWE-1004)
Summary
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
Impact
no impact information found