CVE-2019-19002 Information

Description

For ABB eSOMS versions 4.0 to 6.0.2 the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy this might increase the risk of Cross Site Scripting.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4