PT-2020-6880 · ABB · eSOMS

Published: 2020-02-17 · Updated: 2023-05-16 · CVE-2019-19003

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.2

Description: The issue stems from the absence of the HttpOnly flag on session cookies, which allows JavaScript to read the cookie contents. This might enable Cross-Site Scripting (XSS) attacks, in which a remote attacker exploits the vulnerability to conduct such attacks.

Recommendations: For versions 4.0 through 6.0.2, consider setting the HttpOnly flag on session cookies as a temporary workaround, so that JavaScript cannot read the cookie contents. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
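To make the description and the workaround above concrete, the following is an added example (it is not part of the PT-2020-6880 advisory and not ABB's code): a small audit that parses Set-Cookie response headers, reports session cookies that lack the HttpOnly flag, and shows how a header is rewritten to carry the flag, as one would do at the application or a reverse proxy when the vendor fix is unavailable. The cookie names, values and the session-name hints are constructed sample data, not eSOMS identifiers.

```python
"""Audit Set-Cookie headers for session cookies missing the HttpOnly flag.

Added example, not part of the advisory or of ABB eSOMS. It assumes you can
capture the application's HTTP response headers (browser dev tools, a proxy
log, or a scripted request); the header values below are constructed samples.
"""
from dataclasses import dataclass

# Hypothetical substrings used to recognise session cookies by name.
SESSION_COOKIE_HINTS = ("sess", "sid", "auth", "token")


@dataclass
class CookieFinding:
    name: str
    http_only: bool
    secure: bool

    @property
    def is_session_cookie(self) -> bool:
        lowered = self.name.lower()
        return any(hint in lowered for hint in SESSION_COOKIE_HINTS)


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Split one Set-Cookie value into its name and the attribute flags we care about.

    Attributes are compared case-insensitively, as browsers treat them.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(
        name=name.strip(),
        http_only="httponly" in attrs,
        secure="secure" in attrs,
    )


def audit_session_cookies(set_cookie_headers: list[str]) -> list[str]:
    """Return the names of session cookies that can be read from JavaScript.

    A cookie without HttpOnly is exposed to script, which is exactly the
    condition the advisory describes; non-session cookies are ignored here.
    """
    findings = [parse_set_cookie(h) for h in set_cookie_headers]
    return [f.name for f in findings if f.is_session_cookie and not f.http_only]


def harden_set_cookie(header_value: str) -> str:
    """Apply the advisory's workaround: ensure the HttpOnly attribute is present.

    Existing attributes are preserved; if HttpOnly is already set the value is
    returned unchanged so the rewrite is idempotent.
    """
    if parse_set_cookie(header_value).http_only:
        return header_value.strip()
    return header_value.rstrip().rstrip(";") + "; HttpOnly"


# Constructed sample headers: one exposed session cookie, one correctly
# flagged session cookie, and one preference cookie that is out of scope.
SAMPLE_HEADERS = [
    "SESSIONID=0123456789abcdef; Path=/",
    "JSESSIONID=fedcba9876543210; Path=/; Secure; HttpOnly",
    "lang=en; Path=/; Max-Age=31536000",
]

if __name__ == "__main__":
    for name in audit_session_cookies(SAMPLE_HEADERS):
        print(f"session cookie readable from script: {name}")
    for header in SAMPLE_HEADERS:
        print("hardened:", harden_set_cookie(header))
```

The audit deliberately reports by cookie name rather than by value so that its output can be logged without copying session identifiers into log files; the name hints are a heuristic and should be replaced with the real session cookie name once it is known.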

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-03062
CVE-2019-19003

Affected Products

eSOMS