Vulnerabilities / Cookie without HttpOnly flag

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
↓

Severity	low
Correlatable	sast
CWE Name	Cookie without HttpOnly flag
CWE ID	CWE-16
CWE Score	3.1
Compliance	OWASP TOP10 -> A7 PCI-DSS -> 6.5.10 ISO 27001 -> A.8.25 HIPAA -> 164.306(a)
CVSS
Attack Vector	Network
Attack Complexity	High
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	Low
Integrity Impact	None
Availability Impact	None

Cookie without HttpOnly flag