Details | |
---|---|
Alert ID | 100003 |
Alert Type | Script Passive |
Status | alpha |
Risk | Low |
CWE | |
WASC | 13 |
Technologies Targeted | All |
Tags | |
More Info |
Scan Rule Help |
Summary
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.