Admin Console is not using HttpOnly attribute in cookies
Medium (CVSS: 5.0)
NVT: Missing httpOnly Cookie Attribute (OID: 188.8.131.52.4.1.256184.108.40.206925)
The cookies: Set-Cookie: JSESSIONID=6ib0auzolp564mh73rkjvxil;Path=/ are missing the httpOnly attribute.
Set the 'httpOnly' attribute for any session cookies.
Vulnerability Detection Method
Check all cookies sent by the application for a missing 'httpOnly' attribute
I think this is fixed since 3.10.3