Description

The applications cookies are generated without properly setting the HttpOnly attribute.

Impact

Obtain sensitive information by performing a XSS attack.

Recommendation

The application must set the HttpOnly attribute in the cookies with sensitive information.

Threat

Authorized attacker from internet network performing a XSS attack.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes