CVE-2018-6603

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
Configurations

Configuration 1 (hide)

cpe:2.3:a:promise:webpam_proe:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:10

Type Values Removed Values Added
References () http://dfdrconsulting.com/cve-2018-6603-promise-technology-webpam-pro-e-http-response-header-injection-xss/ - Third Party Advisory () http://dfdrconsulting.com/cve-2018-6603-promise-technology-webpam-pro-e-http-response-header-injection-xss/ - Third Party Advisory

Information

Published : 2018-02-07 05:29

Updated : 2024-11-21 04:10


NVD link : CVE-2018-6603

Mitre link : CVE-2018-6603

CVE.ORG link : CVE-2018-6603


JSON object : View

Products Affected

promise

  • webpam_proe
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')