In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

Related CVEs

CVE-2021-34563

Key Information

GHSA ID

GHSA-mh9v-6mm6-9gm4

Published

May 24, 2022 7:12 PM

Last Modified

September 30, 2022 12:00 AM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.