Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.
Exploitability
AV:NAC:HAT:PPR:NUI:AVulnerable System
VC:HVI:NVA:NSubsequent System
SC:NSI:NSA:N5.9/CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NOther