CVE-2018-6603

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
Configurations

Configuration 1 (hide)

cpe:2.3:a:promise:webpam_proe:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-07 05:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-6603

Mitre link : CVE-2018-6603

CVE.ORG link : CVE-2018-6603


JSON object : View

Products Affected

promise

  • webpam_proe
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')