CVE-2019-19002

Name of the Vulnerable Software and Affected Versions ABB eSOMS versions 4.0 through 6.0.2

Description The issue is related to the absence of the X-XSS-Protection HTTP response header in responses from the web server. This might increase the risk of Cross Site Scripting (XSS) attacks, particularly for older web browsers that do not support Content Security Policy. An attacker could exploit this to conduct a remote XSS attack.

Recommendations For ABB eSOMS versions 4.0 through 6.0.2, consider configuring the web server to include the X-XSS-Protection HTTP response header in its responses to mitigate the risk of Cross Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.