Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-12637

[Security] ZAP Scan Issue : Cookie No HttpOnly Flag

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Development
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Production
    • Bug Severity:
      Low
    • Level:
      Admin, Employee, Partner
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      Development - In Analysis

      Description

      A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

      For more details please refer attached HTML report

      CC SamirRakesh RoyJaideep Vinchurkaranirudha joshi
      SearchEmp_Spider.html

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              vijayendra Vijayendra Shinde (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 7.5h
                  7.5h