httponly
About this tag
The httponly tag on WindowsForum.com covers discussions about the HttpOnly cookie flag, a security attribute that prevents client-side scripts from accessing cookies, which mitigates cookie theft through cross-site scripting (XSS) attacks. Content includes analysis of Microsoft security advisories, such as CVE-2025-49745 affecting Dynamics 365 on-premises, where improper input neutralization leads to XSS vulnerabilities. The tag emphasizes the importance of setting the HttpOnly flag on session cookies to reduce the risk of cookie theft via XSS. Recurring themes include web application security, Microsoft product patches, and best practices for hardening cookie-based authentication against script-based attacks.
Microsoft has assigned CVE-2025-49745 to a cross‑site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 (on‑premises), describing an issue where improper neutralization of input during web page generation can allow an attacker to perform spoofing over a network against on‑premises...