Cross-Site Scripting Vulnerability in RSA Authentication Agent
CVE-2008-2026

Currently unrated

Key Information:

Vendor: Rsa
Status: Authentication Agent
Vendor: CVE Published:; 30 April 2008

What is CVE-2008-2026?

A cross-site scripting vulnerability exists in WebID/IISWebAgentIF.dll used by RSA Authentication Agent. This security flaw allows remote attackers to exploit the application by injecting arbitrary web scripts or HTML through a specially crafted URL-encoded postdata parameter. The affected versions include RSA Authentication Agent 5.3.0.258 and earlier releases before version 5.3.3.378. This vulnerability poses significant risks to web security, enabling attackers to manipulate user sessions or deliver malicious content.

References

http://securityreason.com/securityalert/3848

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/14954

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/491247/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2008
Vulnerability Reserved
Apr 30, 2008

Rsa

What is CVE-2008-2026?

References

Timeline