CVE-2018-6603
MEDIUMPromise WebPam Pro-E - Cross-Site Scripting and HTTP Response Splitting via PHPSESSID Cookie
Title source: llmDescription
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
http://dfdrconsulting.com/cve-2018-6603-promise-technology-webpam-pro-e-http-response-header-injection-xss/
Scores
CVSS v3
6.1
EPSS
0.0077
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-74
CWE-79
Status
published
Products (1)
promise/webpam_proe
Published
Feb 07, 2018
Tracked Since
Feb 18, 2026