Hasplm cookie in Gemalto Admin Control Center, all versions before 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
gemalto sentinel ldk