CVE-2025-49189

Medium

The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts,…

SICK AG·CWE-1004·Published 2025-06-12

CVSS

6.1

EPSS

0.00

KEV

Exploits

cve.orgen

262 chars

The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.

NVDen

262 chars

NVDes

310 chars

El indicador HttpOnly de la cookie de sesión \"@@\" está configurado como falso. Dado que este indicador ayuda a impedir el acceso a las cookies mediante scripts del lado del cliente, configurarlo como falso puede aumentar la probabilidad de ataques de Cross-Side-Scripting dirigidos a las cookies almacenadas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N