| Details | |
|---|---|
| Alert ID | 100003 |
| Alert Type | Script Passive |
| Status | alpha |
| Risk | Low |
| CWE | |
| WASC | 13 |
| Technologies Targeted | All |
| Tags | |
| More Info |
Scan Rule Help |
Summary
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.