Sensitive Cookie Without HttpOnly Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rex640_pcl1_firmware | Abb | 1.0.0 (including) | 1.0.8 (excluding) |