Cookie without SameSite Attribute
- Risk: Low
- Type: Passive
- CWE: CWE-1275
- Summary
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
- Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
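One way to audit an application's own responses for this condition, as an added example (not the scanner's rule code): it parses each Set-Cookie header value and reports cookies whose SameSite attribute is missing or is not 'lax' or 'strict'. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the SameSite attribute.
ACCEPTED = {"lax", "strict"}  # the values the Solution text recommends


def samesite_finding(set_cookie_value):
    """Return (cookie_name, finding) for one Set-Cookie header value.

    finding is None when SameSite is Lax or Strict, otherwise a short reason.
    """
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    samesite = None
    # Only attributes after the first ';' count; text inside the cookie
    # value itself must not be mistaken for an attribute.
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "samesite":  # attribute names are case-insensitive
            samesite = val.strip().lower()     # if repeated, the last one is used
    if samesite is None:
        return name, "missing SameSite attribute"
    if samesite not in ACCEPTED:
        return name, f"SameSite={samesite or '<empty>'} is not Lax or Strict"
    return name, None


def audit(header_values):
    """Return only the cookies that need attention, keyed by cookie name."""
    findings = {}
    for value in header_values:
        name, finding = samesite_finding(value)
        if finding:
            findings[name] = finding
    return findings


# Constructed sample Set-Cookie values (not taken from a real site).
SAMPLE = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Path=/; SameSite=Lax",
    "csrf=9f2c; Secure; samesite=STRICT",
    "track=1; Secure; SameSite=None",
    "note=contains samesite=lax in value",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name}: {reason}")
```

The last sample shows why a plain substring search for "samesite" is not enough: the text appears in the cookie value, not as an attribute, so the cookie is still reported.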