Unrated severity · NVD Advisory · Published Apr 2, 2020 · Updated Aug 5, 2024
ABB eSOMS: HTTPOnly flag not set
CVE-2019-19003
Description
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-Site Scripting.
Affected products
- ABB/eSOMS v5, Range: 4.0 to 6.0.2
References
- search.abb.com/library/Download.aspx (mitre, x_refsource_CONFIRM)