CVE-2005-1118

RSA Authentication Agent for Web <5.2 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1118. PoCs published by Oliver Karow.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web by injecting a malicious script into the POST request parameters. The vulnerability arises due to insufficient input sanitization, allowing arbitrary script execution in the context of a user's browser session.

Description

Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Oliver Karow · textremotewindows

https://www.exploit-db.com/exploits/25421

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web by injecting a malicious script into the POST request parameters. The vulnerability arises due to insufficient input sanitization, allowing arbitrary script execution in the context of a user's browser session.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: RSA Authentication Agent for Web (version not specified)

No auth needed

Prerequisites: Access to the target web application · User interaction to trigger the payload

MITRE ATT&CK