
Cookie Leakage in Anti-CSRF token Detected on Target Web Application

Netsparker identified that the value of a cookie is being reused as the anti-CSRF token.

Impact

During a cross-site scripting attack, an attacker can read the anti-CSRF token from the page content and thereby obtain the cookie value; if that cookie is the session cookie, the attacker can hijack the victim's session even though the cookie is marked HttpOnly, because the HttpOnly flag only prevents script access to the cookie itself, not to a copy of its value embedded in the page. If the cookie is not the session cookie, you can ignore this issue.

Remedy

Do not use the session cookie value as the anti-CSRF token.
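As an added illustration (not Netsparker's own check or code), the following shows the flagged pattern next to a hardened alternative and a small detection routine that reports when a hidden anti-CSRF field carries a cookie's exact value. The cookie name, secret and sample form are constructed for the example; the hardened token uses an HMAC of the session id, one of several acceptable designs (a random per-session token stored server-side works as well).

```python
import hashlib
import hmac
from html.parser import HTMLParser

COOKIES = {"sessionid": "s3ss10n-c00k13-value"}  # constructed sample cookie jar
SECRET = b"constructed-server-secret"           # constructed server-side key


def vulnerable_csrf_token(session_id: str) -> str:
    # Anti-pattern flagged by this check: the HttpOnly session cookie value is
    # copied into the page, so injected script can read it from the DOM.
    return session_id


def hardened_csrf_token(session_id: str, server_secret: bytes) -> str:
    # Token bound to the session without revealing it: HMAC(secret, session_id).
    # Learning the token does not disclose the session cookie value.
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def render_form(token: str) -> str:
    # Constructed sample page: a POST form with a hidden anti-CSRF field.
    return f'<form method="post"><input type="hidden" name="csrf_token" value="{token}"></form>'


class _TokenExtractor(HTMLParser):
    # Collects values of hidden inputs whose name looks like an anti-CSRF field.
    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = (a.get("name") or "").lower()
        if tag == "input" and a.get("type") == "hidden" and "csrf" in name:
            self.tokens.append(a.get("value") or "")


def leaks_session_cookie(html: str, cookies: dict) -> bool:
    """True if any anti-CSRF field carries the exact value of a cookie."""
    parser = _TokenExtractor()
    parser.feed(html)
    return any(hmac.compare_digest(tok, val)
               for tok in parser.tokens if tok
               for val in cookies.values())


PAGE_VULN = render_form(vulnerable_csrf_token(COOKIES["sessionid"]))
PAGE_SAFE = render_form(hardened_csrf_token(COOKIES["sessionid"], SECRET))
```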
