CVE-2019-19003

CWE-16CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 41.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hitachienergy EsomsABB Esoms
Timeline
PublishedApr 2
Latest updateMay 24

Description

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDhitachienergy/esoms4.06.0.2
CVEListV5abb/esoms4.0 to 6.0.2

🔴Vulnerability Details

2
GHSA
GHSA-96cj-23g7-5gr2: For ABB eSOMS versions 42022-05-24
CVEList
ABB eSOMS: HTTPOnly flag not set2020-04-02
CVE-2019-19003 (MEDIUM CVSS 6.1) | For ABB eSOMS versions 4.0 to 6.0.2 | cvebase.io