cvelist | ABB | CVELIST:CVE-2023-2876
History: Jun 13, 2023 - 3:52 a.m.

CVE-2023-2876 Session cookie exposure for client side script

2023-06-13 03:52:12
CWE-1004
ABB
www.cve.org
cve-2023-2876
session cookie exposure
client side script
abb rex640
firmware modules
cross-site scripting
xss
httponly flag
sensitive cookie

CVSS3: 3.1 Low

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS: 0.001 Low
Percentile: 19.9%

Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "firmware"
    ],
    "product": "REX640 PCL1",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.0.8",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firmware update"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Firmware"
    ],
    "product": "REX640 PCL2",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.1.4",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firwmare update"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "firmware"
    ],
    "product": "REX640 PCL3",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "1.2.1",
        "status": "affected",
        "version": "1.0;0",
        "versionType": "firwmare update"
      }
    ]
  }
]
