RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105410 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041697 | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2018/Sep/39 | Mailing List Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-09-28 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-11074
Mitre link : CVE-2018-11074
CVE.ORG link : CVE-2018-11074
JSON object : View
Products Affected
rsa
- authentication_manager
emc
- rsa_authentication_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')