CVE-2022-25151 - Session cookie not protected by HttpOnly flag (ITarian SaaS platform / on-premise)
Technical details
Session cookie not protected by HttpOnly flag (ITarian SaaS platform / on-premise)
Being able to steal cookies exploiting XSS, is caused by the lack of HttpOnly. Both on-premise and SaaS platforms do not implement the HttpOnly flag on session cookies. Setting HttpOnly stops JavaScript from being able to access the cookie and as such mitigates XSS attacks which are trying to steal session cookies, as demonstrated with the XSS vulnerability.