← back
CVE-2018-1253

Stored cross-site scripting vulnerability

CVSS 6.5 MEDIUMEPSS 1.5%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Jun 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected products
RSA · Authentication Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2018/Jun/39http://www.securityfocus.com/bid/104534http://www.securitytracker.com/id/1041134