header-logo
Suggest Exploit
vendor:
RSA ACE Agent
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: RSA ACE Agent
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:rsa:ace_agent
Metasploit:
Other Scripts:
Platforms Tested:

RSA ACE Agent Cross-Site Scripting Vulnerability

The RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input to prevent the execution of malicious scripts. Additionally, web application firewalls (WAFs) can be deployed to detect and block cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15206/info

RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 

http://www.example.com/webauthentication?GetPic?image=x%3Cimg%20src=%22A%22+onError=%22javascript:alert('Thanks%20for%20turning%20on%20the%20remotecontrol')%3b%22%3Exxx

Navigation

Suggest Exploit

Services By CQR