VYPR
Unrated severity · NVD Advisory · Published Jun 13, 2023 · Updated Jan 3, 2025

Session cookie exposure for client side script

CVE-2023-2876

Description

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0.0 before 1.0.8; REX640 PCL2: from 1.0.0 before 1.1.4; REX640 PCL3: from 1.0.0 before 1.2.1.
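A check for the weakness described above, as an added example that is not part of the advisory or of ABB's code: it parses `Set-Cookie` response headers and reports session-like cookies issued without the `HttpOnly` attribute. The cookie names, the name pattern used to decide what counts as sensitive, and the sample headers are assumptions constructed for illustration; the advisory does not name the REX640 cookie.

```python
import re

# Assumption: cookie names matching this pattern carry session state.
# The advisory does not name the affected cookie; adjust for the device under review.
SENSITIVE_NAME = re.compile(r"(sess|sid|auth|token)", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first "=" separates name from value; the value may contain "=".
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookies(set_cookie_headers):
    """Return names of sensitive cookies that lack the HttpOnly attribute."""
    exposed = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if not SENSITIVE_NAME.search(name):
            continue
        # Check the parsed attributes, not the raw string: a substring search
        # would be fooled by a cookie whose *value* contains "HttpOnly".
        if "httponly" not in attrs:
            exposed.append(name)  # readable by script via document.cookie
    return exposed


# Constructed sample response headers (not captured from a real device).
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/",                       # no HttpOnly
    "auth_token=abc; Path=/; Secure; httponly",       # lower-case attribute
    "lang=en; Path=/",                                # not session-related
    "sid=HttpOnly; Path=/",                           # value only, attribute missing
]

if __name__ == "__main__":
    for cookie in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: issued without HttpOnly")
```
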

Affected products

4
  • Abb/REX640 · llm-create · 4 versions
    • (no CPE) range: PCL1 >= 1.0.0, < 1.0.8; PCL2 >= 1.0.0, < 1.1.4; PCL3 >= 1.0.0, < 1.2.1
    • (no CPE) range: 1.0.0
    • (no CPE) range: 1.0.0
    • (no CPE) range: 1.0.0
