CVE-2019-19002 — Cross-site Scripting in Esoms

CWE-16 CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.3

EPSS

0.3%

top 48.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachienergy Esoms ABB Esoms

Timeline

PublishedApr 2

Latest updateMay 24

Description

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDhitachienergy/esoms4.0 — 6.0.2

▶CVEListV5abb/esoms4.0 to 6.0.2

🔴Vulnerability Details

GHSA

GHSA-pgjp-v577-m7x4: For ABB eSOMS versions 4↗2022-05-24

▶

CVEList

ABB eSOMS X-XSS-Protection not enabled↗2020-04-02

▶