Description
Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Oliver Karow · textremotewindows
https://www.exploit-db.com/exploits/25421
References (6)
Core 6
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14954
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013724
Patch, Vendor Advisory x_refsource_misc
http://www.oliverkarow.de/research/rsaxss.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/366372
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13168
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20098
Scores
EPSS
0.0231
EPSS Percentile
84.8%
Details
Status
published
Products (1)
rsa/authentication_agent_for_web
5.2
Published
Apr 14, 2005
Tracked Since
Feb 18, 2026