Cross site scripting

2020-04-0220:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

CPENameOperatorVersion
esomsge4.0
esomsle6.0.2

CPE	Name	Operator	Version
	esoms	ge	4.0
	esoms	le	6.0.2

References

search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch