CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-1470 – RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1470
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118. Vulnerabilidad de lista negra incompleta en IISWebAgentIF.dll en el WebID RSA Authentication Agent 5.3 y posiblemente anteriores, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a través del parámetro postdata, debido a una solución incompleta para CVE-2005-1118. • https://www.exploit-db.com/exploits/31411 https://www.exploit-db.com/exploits/11405 http://securityreason.com/securityalert/3768 http://www.securityfocus.com/archive/1/489691/100/0/threaded http://www.securityfocus.com/bid/28277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •