BUG REPORT: PGP Universal XSS vulnerability due to missing HttpOnly flag in JESESSION cookie. CVE-2012-0053