Lucene search
K

4 matches found

OSV
OSV
added 2023/06/13 4:15 a.m.4 views

CVE-2023-2876

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

6.1CVSS5.8AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/13 3:52 a.m.36 views

CVE-2023-2876 Session cookie exposure for client side script

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

3.1CVSS6.2AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/13 3:52 a.m.11 views

CVE-2023-2876 Session cookie exposure for client side script

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 firmware modules, ABB REX640 PCL2 Firmware modules, ABB REX640 PCL3 firmware modules allows Cross-Site Scripting XSS.This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3...

3.1CVSS6.1AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2023/06/13 3:52 a.m.60 views

CVE-2023-2876

CVE-2023-2876 affects ABB REX640 PCL1, PCL2 and PCL3 firmware modules. Root cause: cookies set without HttpOnly enable, enabling cross-site scripting (XSS). Affected versions: PCL1 1.0.0–1.0.7; PCL2 1.0.0–1.1.3; PCL3 1.0.0–1.2.0. Impact: Web/OT interfaces may allow cookie exposure and script-base...

6.1CVSS4.9AI score0.00292EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder