CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3319
https://notcve.org/view.php?id=CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. Hotspot Express hotEx Billing Manager 73 no incluye el indicador HTTPOnly en una cabecera Set-Cookie, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a esta cookie. • http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Apr/18 http://www.securityfocus.com/archive/1/535186/100/0/threaded http://www.securityfocus.com/bid/74205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •