An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie “Password508” does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
CPE | Name | Operator | Version |
---|---|---|---|
awk-3121_firmware | eq | 1.14 |