User Controllable Cookie
Invicti identified a user controllable cookie.
Attackers can easily set an arbitrary value in the cookie and this may allow them to bypass authentication, carry out attacks such as SQL injection and cross-site scripting or modify inputs in unexpected ways.
Add integrity checks and server side validation to detect tampering.
Invicti Security Insights