CVE-2015-3319

EUVD-2015-3365
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
hotspotexpresshotex_billing_manager
73.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Apr/18
http://www.securityfocus.com/archive/1/535186/100/0/threaded
http://www.securityfocus.com/bid/74205
http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Apr/18
http://www.securityfocus.com/archive/1/535186/100/0/threaded
http://www.securityfocus.com/bid/74205