| Details | |
|---|---|
| Alert ID | 10010 |
| Alert Type | Passive |
| Status | release |
| Risk | Low |
| CWE | 1004 |
| WASC | 13 |
| Technologies Targeted | All |
| Tags |
CWE-1004 OWASP_2017_A06 OWASP_2021_A05 POLICY_DEV_STD POLICY_PENTEST POLICY_QA_STD SYSTEMIC WSTG-V42-SESS-02 |
| More Info |
Scan Rule Help |
Summary
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.