VYPR
Unrated severity · NVD Advisory · Published Apr 2, 2020 · Updated Aug 5, 2024

ABB eSOMS X-XSS-Protection not enabled

CVE-2019-19002

Description

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of cross-site scripting.

Affected products

  • Hitachi/eSOMS [llm-fuzzy]
    Range: 4.0 to 6.0.2
  • ABB/eSOMS [v5]
    Range: 4.0 to 6.0.2