TUCoPS :: HP Unsorted R :: tb12489.htm

RSA EnVision Reflected XSS Hole
RSA EnVision Reflected XSS Hole
RSA EnVision Reflected XSS Hole


#########################################
Application:           RSA EnVision
Vendor: http://www.rsa.com 
Version:                Version 3.3.6 Build 0115
Bug:                     Cross-Site Scripting
Risk:                     Medium
Date:                     12 Sept 2007
Author:                  Stelios Tigkas
e-mail:                   Stigkas at Gmail dot com
Current Employer:   Fujitsu Services
List:                       BugTraq(SecurityFocus)
#########################################


======Product
======A Security Event Management Solution.

==Bug
==
There is a Reflected (Type I) Cross-Site Scripting hole on the
username field, in the logon page of the EnVision application. The
following attack vector has been confirmed by the Vendor to work:
.

RSA have been notified on 23.03.2007

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH