CVE-2018-11074

MEDIUM

RSA Authentication Manager < 8.3 - XSS

Title source: rule

Description

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105410

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041697

[Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2018/Sep/39

Scores

CVSS v3 6.1

EPSS 0.0075

EPSS Percentile 72.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (3)

rsa/authentication_manager < 8.3

emc/rsa_authentication_manager

Timeline

Published Sep 28, 2018

Tracked Since Feb 18, 2026