Vulnerability Details : CVE-2011-1825
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2011-1825
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1825
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2011-1825
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1825
-
http://www.securityfocus.com/bid/47587
CA Arcot WebFort Versatile Authentication Server Cross Site Scripting Vulnerability
-
http://www.vupen.com/english/advisories/2011/1114
Webmail | OVH- OVH
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67104
CA Arcot WebFort Versatile Authentication Server Arcot Administrative Console cross-site scripting CVE-2011-1825 Vulnerability Report
-
http://www.securitytracker.com/id?1025444
CA Arcot WebFort Versatile Authentication Server Input Validation Flaws Permit Cross-Site Scripting and URL Redirection Attacks - SecurityTracker
-
http://www.securityfocus.com/archive/1/517702/100/0/threaded
SecurityFocus
Products affected by CVE-2011-1825
- cpe:2.3:a:ca:arcot_webfort_versatile_authentication_server:*:*:*:*:*:*:*:*