Lucene search
Quentin.berdugoEDB-ID:31411HistoryMar 17, 2008 - 12:00 a.m.
RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting
2008-03-1700:00:00
quentin.berdugo
www.exploit-db.com
46
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/28277/info
RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RSA WebID 5.3 is vulnerable; other versions may also be affected.
https://www.example.com/WebID/IISWebAgentIF.dll?stage=useridandpasscode&referrer=Z2F&sessionid=0&authntype=2&username=a&passcode=a&postdata=aaa"%20><SCRIPT>alert(document.cookie)</script><!-- Related
exploitdb
exploitdb
RSA - SecurID Cross-Site Scripting
2010-02-11 00:00:00
seebug
seebug
RSA认证代理登录页面IISWebAgentIF.dll跨站脚本漏洞
2008-04-25 00:00:00
prion
prion
Cross site scripting
2008-03-24 22:44:00
Cross site scripting
2008-04-30 14:10:00
cvelist
cvelist
CVE-2008-1470
2008-03-24 22:00:00
CVE-2008-2026
2008-04-30 14:00:00
cve
cve
CVE-2008-1470
2008-03-24 22:44:00
CVE-2008-2026
2008-04-30 14:10:00
nvd
nvd
CVE-2008-1470
2008-03-24 22:44:00
CVE-2008-2026
2008-04-30 14:10:00