CVE-2005-3329

RSA Authentication Agent for Web < 5.3 - Cross-Site Scripting via Image Parameter in GetPic Operation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3329. PoCs published by Bernhard Mueller.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in RSA ACE Agent by injecting malicious JavaScript via the 'image' parameter in the 'GetPic' endpoint. The PoC uses a crafted URL to execute arbitrary script code in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bernhard Mueller · textwebappscgi

https://www.exploit-db.com/exploits/26398

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in RSA ACE Agent by injecting malicious JavaScript via the 'image' parameter in the 'GetPic' endpoint. The PoC uses a crafted URL to execute arbitrary script code in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: RSA ACE Agent

No auth needed

Prerequisites: Victim must visit the crafted URL

MITRE ATT&CK