Unrated severityNVD Advisory· Published Apr 2, 2020· Updated Aug 5, 2024
ABB eSOMS X-XSS-Protection not enabled
CVE-2019-19002
Description
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
Affected products
2- ABB/eSOMSv5Range: 4.0 to 6.0.2
Patches
Vulnerability mechanics
References
1- search.abb.com/library/Download.aspxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.