CVE-2023-4654

LOW Year: 2023
CVSS v3 Score
2.6
Low
Weakness Type
CWE-614
View all →

Vulnerability Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

Related Vulnerabilities

CVE-2023-0055

LOW
CVSS:3.1(Low)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

CWE-6142023

CVE-2020-27650

LOW
CVSS:3.7(Low)

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by in...

CWE-6142020

CVE-2024-30142

LOW
CVSS:3.8(Low)

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies...

CWE-6142024

CVE-2022-4683

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

CWE-6142022

CVE-2023-3520

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CWE-6142023

CVE-2023-42016

MEDIUM
CVSS:4.3(Medium)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ...

CWE-6142023