What is CVE-2019-19003?

CVE-2019-19003 is a medium-severity vulnerability in Abb Esoms, classified under CWE-16. CVSS score: 5.3/10. Published 2020-04-02.

How severe is CVE-2019-19003?

Medium severity. CVSS v3 base score is 5.3 out of 10.

XSS in Abb Esoms

CVE-2019-19003

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

EPSS: 0.004 (59.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Abb Esoms — versions 4.0 to 6.0.2

Weakness classification (CWE)

CWE-16
CWE-79 — Cross-site Scripting

References

search.abb.com/library/Download.aspx (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-19003?: CVE-2019-19003 is a medium-severity vulnerability in Abb Esoms, classified under CWE-16. CVSS score: 5.3/10. Published 2020-04-02.
How severe is CVE-2019-19003?: Medium severity. CVSS v3 base score is 5.3 out of 10.