CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
Official CWE-1004 definition at MITREImpactr finds and proves weaknesses like CWE-1004 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist