Cross site scripting

2019-12-0321:15:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

CPENameOperatorVersion
rsa_authentication_managereq8.4
rsa_authentication_managereq8.4 p6
rsa_authentication_managereq8.4 p5
rsa_authentication_managereq8.4 p4
rsa_authentication_managereq8.4 p3
rsa_authentication_managereq8.4 p2
rsa_authentication_managereq8.4 p1
rsa_authentication_managereq8.4 p7
authentication_managerlt8.4

Name	Operator	Version
rsa_authentication_manager	eq	8.4
rsa_authentication_manager	eq	8.4 p6
rsa_authentication_manager	eq	8.4 p5
rsa_authentication_manager	eq	8.4 p4
rsa_authentication_manager	eq	8.4 p3
rsa_authentication_manager	eq	8.4 p2
rsa_authentication_manager	eq	8.4 p1
rsa_authentication_manager	eq	8.4 p7
authentication_manager	lt	8.4