
RSA EnVision Reflected XSS Hole






#########################################
Application:       RSA EnVision
Vendor:            http://www.rsa.com
Version:           Version 3.3.6 Build 0115
Bug:               Cross-Site Scripting
Risk:              Medium
Date:              12 Sept 2007
Author:            Stelios Tigkas
e-mail:            Stigkas at Gmail dot com
Current Employer:  Fujitsu Services
List:              BugTraq (SecurityFocus)
#########################################


======
Product
======
A Security Event Management Solution.

==
Bug
==
There is a Reflected (Type I) Cross-Site Scripting hole on the
username field, in the logon page of the EnVision application. The
following attack vector has been confirmed by the Vendor to work:
.

RSA was notified on 23.03.2007.
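
The class of bug described above, a logon page that echoes the submitted username back into its HTML, is shown here beside the corrected form. This is an added example, not code from the advisory or from RSA; the template, the username policy, the function names and the probe string are all assumptions constructed for illustration.

```python
import html
import re

# Hypothetical logon-page template. EnVision's real markup is not shown in
# the advisory; this only models "username is echoed back after a failed logon".
PAGE = ('<form method="post" action="/logon">'
        '<p class="error">Logon failed for {shown}</p>'
        '<input type="text" name="username" value="{shown}">'
        '<input type="password" name="password">'
        '</form>')

# Assumed username policy for this sketch: letters, digits, dot, dash,
# underscore, at-sign and backslash (domain\user), 1 to 64 characters.
USERNAME_OK = re.compile(r"[A-Za-z0-9._@\\-]{1,64}")


def render_logon_reflecting(username: str) -> str:
    """Vulnerable pattern: the submitted value is pasted into the page as-is,
    so markup in the value becomes markup in the response."""
    return PAGE.format(shown=username)


def render_logon_encoded(username: str, validate: bool = True) -> str:
    """Hardened pattern: optionally refuse to echo values outside the policy,
    and always HTML-encode whatever is written into the page."""
    if validate and not USERNAME_OK.fullmatch(username):
        username = ""  # failed validation: echo nothing back
    # quote=True also encodes " and ', which is what keeps the value from
    # closing the value="..." attribute it is written into.
    return PAGE.format(shown=html.escape(username, quote=True))


def reflects_raw(page: str, probe: str) -> bool:
    """Regression check: does the response contain the probe unencoded?"""
    return probe in page


# Constructed, harmless probe: a quote and a tag, enough to show whether the
# attribute and text contexts are encoded.
PROBE = '"><b>probe</b>'

if __name__ == "__main__":
    print(reflects_raw(render_logon_reflecting(PROBE), PROBE))
    print(reflects_raw(render_logon_encoded(PROBE), PROBE))
    print(render_logon_encoded(PROBE, validate=False))
```

Output encoding is the control that closes the hole; the validation step only limits what is echoed at all and should not be relied on alone.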
