Cybertrion Systems

Home About Photos Contact

[2/5] RSA Registration Manager Cross-Site Scripting Vulnerabilities

October 31st, 2007 by
[2/5] RSA Registration Manager Cross-Site Scripting Vulnerabilities

:Fatih Ozavci and Caglar Cakici have reported some vulnerabilities in RSA Registration Manager (formerly RSA Keon Registration Authority Software), which can be exploited by malicious people to conduct cross-site scripting attacks.Certain unspecified input passed to the Request-spk.xuda and Add-msie-request.xuda components of the web interface are not properly sanitised before being returned to the user. These can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.The vulnerabilities reportedly affects versions prior to Release 6.7 build 420, Release 6.6.1 build 353, Release 6.6 build 310, and Release 6.5.1 build 285.Solution:Update to the latest versions (log on to RSA SecurCare Online for more information).https://knowledge.rsasecurity.com/Provided and/or discovered by:Fatih Ozavci and Caglar Cakici, GamaSECChangelog:2007-10-30: Added CVE reference.2007-10-31: Updated product name, added version numbers, and added software in affected product list based on additional information from the vendor.Original Advisory:GS07-02:http://www.gamasec.net/english/gs07-02.htmlOther References:US-CERT VU#342793:http://www.kb.cert.org/vuls/id/342793

Original post by amit

[2/5] RSA Registration Manager Cross-Site Scripting Vulnerabilities

Related Articles:
  • [2/5] RSA KEON Registration Authority Cross-Site Scripting Vulnerabilities
  • [2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting
  • [2/5] DB Manager “id” Cross-Site Scripting
  • [2/5] ManageEngine Applications Manager “query” Cross-Site Scripting
  • [2/5] Savvy Content Manager “searchterms” Cross-Site Scripting


    • Posted in Advisories - Exploits | | [2/5] RSA Registration Manager Cross-Site Scripting Vulnerabilities

    << [3/5] McAfee E-Business Server Authentication Packet Handling Buffer Overflow | [3/5] CONTENTCustomizer “dialog.php” Information Disclosure >>

    Categories

    Archives:

    Search:

    Meta:

    © 2006 Latest 0 day exploits and vulnerabilities .