Threats Tagged 'cwe-1004'

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator views the page. This enables attackers to steal the administrator’s session cookies, potentially leading to full administrative account takeover. This vulnerability is fixed in 6.5.3.

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browser's JavaScript engine parses and executes the injected <script> tags before the error response is returned — resulting in successful code execution regardless of the server-side error. This vulnerability is fixed in 7.1.0.

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

MediumVulnerabilityUnited KingdomGermanyFrance+4#cve#cve-2026-0696#cwe-1004

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device.

HighVulnerabilityGermanyFranceUnited Kingdom+4#cve#cve-2026-22081#cwe-1004

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

MediumVulnerabilityGermanyFranceUnited Kingdom+4#cve#cve-2025-12031#cwe-1004

CVE-2025-42909 is a low-severity vulnerability in SAP Cloud Appliance Library Appliances, specifically affecting the TITANIUM_WEBAPP 4. 0 version. It involves a sensitive cookie lacking the HttpOnly flag due to an insecure default profile setting in S/4HANA appliances. An attacker with high privileges on one appliance could potentially access other appliances by exploiting this cookie vulnerability. The impact on confidentiality is low, and there is no impact on integrity or availability. Exploitation requires network access, high privileges, and no user interaction. No known exploits are currently reported in the wild. European organizations using SAP CAL appliances should review and harden their cookie security settings to mitigate risk. Countries with significant SAP enterprise deployments and critical infrastructure relying on SAP systems are more likely to be affected.

LowVulnerabilityGermanyFranceNetherlands+4#cve#cve-2025-42909#cwe-1004

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.

HighVulnerabilityGermanyFranceUnited Kingdom+5#cve#cve-2025-53757#cwe-614

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

MediumVulnerabilityGermanyFranceItaly+4#cve#cve-2025-27453#cwe-1004

The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.

MediumVulnerabilityGermanyFranceItaly+7#cve#cve-2025-49189#cwe-1004

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker — potentially leading to account takeover. Version 1.1.0.3 fixes the issue.

MediumVulnerabilityGermanyFranceNetherlands+4#cve#cve-2025-47289#cwe-1004