For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of Cross Site Scripting.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
AV:N/AC:M/Au:S/C:N/I:P/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | SINGLE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-16, CWE-79 |
| [email protected] | Primary | CWE-79 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | esoms | * | * | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:esoms:*:*:*:*:*:*:*:* |