Severity

3.3

Vulnerability Type

Sensitive Cookie Without 'HttpOnly' Flag (CWE-1004)

Summary

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

Impact

no impact information found