Description
The SameSite attribute for sensitive cookies is not set, or an insecure value is used.
Extended Description
The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: 'Lax', 'Strict', or 'None'. If the 'None' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).
CVE vulnerabilities with CWE-1275 (25)
9.8
CVSS
CRITICAL
CVE-2024-6611
pub. 2024-07-09
8.5
CVSS
HIGH
CVE-2023-53957
pub. 2025-12-19
8.2
CVSS
HIGH
CVE-2025-24897
pub. 2025-02-11
5.9
CVSS
MEDIUM
CVE-2022-38386
pub. 2024-05-01
5.5
CVSS
MEDIUM
CVE-2024-30155
pub. 2025-03-26
5.4
CVSS
MEDIUM
CVE-2024-42212
pub. 2025-05-05
5.3
CVSS
MEDIUM
CVE-2026-1697
pub. 2026-02-26
4.8
CVSS
MEDIUM
CVE-2025-24387
pub. 2025-03-10
4.6
CVSS
MEDIUM
CVE-2025-52628
pub. 2026-02-03
4.0
CVSS
MEDIUM
CVE-2026-55688
pub. 2026-07-01
3.7
CVSS
LOW
CVE-2025-36134
pub. 2025-11-25
3.7
CVSS
LOW
CVE-2024-43173
pub. 2024-10-22
2.3
CVSS
LOW
CVE-2026-8409
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8410
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8411
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8412
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8413
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8414
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8415
pub. 2026-05-21
2.3
CVSS
LOW
CVE-2026-8416
pub. 2026-05-21
Showing 20 of 25 vulnerabilities