An issue exists on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moxa awk-3121_firmware 1.14 |