Sensitive Cookie Without 'HttpOnly' Flag in pkp/ojs
Oct 7th 2021
HTTPOnly attribute is not set for session cookies "OJSSID" in the application.
Proof of Concept
Check this for POC: Image