Can HTTPOnly tag be disabled in WordPress Login Cookie?
Good day, I'm trying to create a docker environment where one can exercise stored XSS. The XSS happens in the comment section and sends the document.cookie content to the attacker. The login cookie is not sent. That is only possible…