Description
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by s4squatch · textwebappsmultiple
https://www.exploit-db.com/exploits/11405
exploitdb
WORKING POC
VERIFIED
by quentin.berdugo · textwebappscgi
https://www.exploit-db.com/exploits/31411
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28277
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489691/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3768
Scores
EPSS
0.0051
EPSS Percentile
66.4%
Details
CWE
CWE-79
Status
published
Products (1)
rsa/webid
5.3
Published
Mar 24, 2008
Tracked Since
Feb 18, 2026