Loading
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.
Use CWE-79, Seagate vendor hub and Nas Os product page to widen CVE-2018-12302 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2018-12295, CVE-2018-12301 and CVE-2018-12298 for nearby disclosures in the same product family.