RSA EnVision Reflected XSS Hole

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RSA EnVision Reflected XSS Hole
From: "Stelios Tigkas" <stigkas@xxxxxxxxx>
Date: Wed, 12 Sep 2007 10:21:55 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=TQ3cklXawuasv5I0Ab0Et2XMspcz4zI1ZTNo/Bry++I=; b=WbLNDl06GxRy/XsOsFkqbPqyynkHcTiNbVy3NtqgnirQUaCNKwGPNg0cdXRTkFbYzay7/9PjanTK2ZbbIgf/xt2nPomRKJaxayg4cCV6BpYMwrNgCLSTSZ0E3wag7YMMsJ/988FNnNSXCjH3hzA//YCCOxVBZLBNKYp8sBy2mKs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=js+FZQyDLtP2QZDxUfJz5WxXdQKkds2tYnY3tzN9vKgxdSMHmlILcy6nTNzbrUDIYrkbwNbmrZ7dSNTOV4CA9JlM9LtEeicpYRHPje3cmJPnWMxoe+BqEQBTsMgEVb2nAUZdgeF6/+7MG/nsNXazNvvfKSAd2PuBhCBWj71wGZY=
In-reply-to: <64a852af0709060950m4fb7bd57nbbdc65e5a9fa8fc0@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <64a852af0709060950m4fb7bd57nbbdc65e5a9fa8fc0@xxxxxxxxxxxxxx>

#########################################
Application:           RSA EnVision
Vendor:                http://www.rsa.com
Version:                Version 3.3.6 Build 0115
Bug:                     Cross-Site Scripting
Risk:                     Medium
Date:                     12 Sept 2007
Author:                  Stelios Tigkas
e-mail:                   Stigkas at Gmail dot com
Current Employer:   Fujitsu Services
List:                       BugTraq(SecurityFocus)
#########################################


=======
Product
=======
A Security Event Management Solution.

===
Bug
===

There is a Reflected (Type I) Cross-Site Scripting hole on the
username field, in the logon page of the EnVision application. The
following attack vector has been confirmed by the Vendor to work:
</script><script>alert(document.cookie)</script>.

RSA have been notified on 23.03.2007

Prev by Date: Boinc Forum Cross Site Scripting Vulrnability
Next by Date: S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
Previous by thread: Boinc Forum Cross Site Scripting Vulrnability
Next by thread: S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
Index(es):
- Date
- Thread