CVE-2016-0925

MEDIUM

EMC RSA Adaptive Authentication - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Third Party Advisory] http://seclists.org/bugtraq/2016/Sep/33

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036851

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93025

Scores

CVSS v3 5.4

EPSS 0.0017

EPSS Percentile 37.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

emc/rsa_adaptive_authentication_on-premise < 7.2

n/a/n/a

Timeline

Published Sep 21, 2016

Tracked Since Feb 18, 2026