Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| promise | webpam_proe | - |