CVE-2025-27453

Medium

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

SICK AG·CWE-1004·Published 2025-07-03

CVSS

6.5

EPSS

0.00

KEV

Exploits

cve.orgen

134 chars

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

NVDen

134 chars

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

NVDes

148 chars

El indicador HttpOnly está configurado como falso en la cookie PHPSESSION. Por lo tanto, otras fuentes, como JavaScript, pueden acceder a la cookie.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N