#1 - Webtune App - XSS - Session cookie is not http-only

The session cookie "rengginang" doesn't have the http-only flag. Vulnerable to XSS