CVE-2008-1470
published 2008-03-24CVE-2008-1470: Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.52%
71.5th percentile
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rsa | authentication_agent | <= 5.3 | — |
| rsa | webid | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7662-h7hj-vxv2: Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2008-2026 [MEDIUM] CWE-79 GHSA-7662-h7hj-vxv2: Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF
Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470.
GHSA
GHSA-347x-wrxw-wp8p: Incomplete blacklist vulnerability in IISWebAgentIF
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2008-1470 [MEDIUM] CWE-79 GHSA-347x-wrxw-wp8p: Incomplete blacklist vulnerability in IISWebAgentIF
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
No detection rules found.
Exploit-DB
RSA - SecurID Cross-Site Scripting
exploitdb·2010-02-11
CVE-2008-1470 RSA - SecurID Cross-Site Scripting
RSA - SecurID Cross-Site Scripting
---
Discovered 12-11-2008
Discovered By: s4squatch of SecureState R&D Team (www.securestate.com)
Vendor Notified: 10-07-2009
Vendor Response: 10-08-2009
Version: Unknown --> DLL does not contain version, therefore vendor says it is outdated and not supported.
POC:
https://www.website.com/WebID/IISWebAgentIF.dll?stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata=get:f4e2c">alert("xss")60179147875&authntype=2&username=test&passcode=test[12:26] a
Exploit-DB
RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting
exploitdb·2008-03-17
CVE-2008-1470 RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting
RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/28277/info
RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RSA WebID 5.3 is vulnerable; other versions may also be affected.
https://www.example.com/WebID/IISWebAgentIF.dll?stage=useridandpasscode&referrer=Z2F&sessionid=0&authntype=2&username=a&passcode=a&postdata=aaa"%20>alert(document.cookie)<!--
No writeups or analysis indexed.
2008-03-24
Published