CVE-2008-1470

IISWebAgentIF.dll - XSS

Title source: llm

Description

Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.

Exploits (2)

exploitdb WORKING POC VERIFIED

by quentin.berdugo · textwebappscgi

https://www.exploit-db.com/exploits/31411

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by s4squatch · textwebappsmultiple

https://www.exploit-db.com/exploits/11405

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/28277

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489691/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3768

Scores

EPSS 0.0051

EPSS Percentile 66.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

rsa/webid

Timeline

Published Mar 24, 2008

Tracked Since Feb 18, 2026