CVE-2019-19003

Summary

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
ABBeSOMS4.0 to 6.0.2affected

Weaknesses

  • CWE-16: CWE-16 Configuration
  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References