Unrated severity · NVD Advisory · Published Apr 2, 2020 · Updated Aug 5, 2024

ABB eSOMS: HTTPOnly flag not set

CVE-2019-19003

Description

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross-Site Scripting.

Affected products

  • Hitachi/eSOMS (llm-fuzzy)
    Range: >=4.0 <=6.0.2
  • ABB/eSOMS (v5)
    Range: 4.0 to 6.0.2
