CVE-2008-2026
Published 2008-04-30
Priority: P4 · 15 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EPSS: 1.07% (60.7th percentile)
Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470.
## Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rsa | authentication_agent | <= 5.3 | — |
## CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| cisa | — | 9.8 | CRITICAL | — |
## GHSA
GHSA-7662-h7hj-vxv2: Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF
ghsa_unreviewed · 2022-05-01 · CVSS 4.3 · CVE-2008-2026 [MEDIUM] · CWE-79
## CISA
Microsoft Windows Buffer Overflow Vulnerability
cisa · 2026-05-20 · CVSS 9.8 · CVE-2008-4250 [CRITICAL] · CWE-94
Affected: Microsoft Windows
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
Remediation Due Date: 2026-06-03
## Citrix security bulletins (vendor_citrix)
| Bulletin | CVE | Severity | CVSS |
|---|---|---|---|
| CTX116930 | CVE-2008-2528 | CRITICAL | 10.0 |
| CTX116310 | CVE-2008-4676 | MEDIUM | 6.8 |
| CTX116227 | CVE-2008-6561 | LOW | 1.9 |
| CTX114487 | CVE-2008-0356 | CRITICAL | 10.0 |
| CTX117751 | CVE-2008-5121 | HIGH | 7.2 |
| CTX114893 | CVE-2008-2299 | MEDIUM | 5.0 |
| CTX118768 | CVE-2008-6830 | MEDIUM | 4.0 |
| CTX117814 | CVE-2008-3253 | MEDIUM | 4.3 |
| CTX116941 | CVE-2008-2300 | MEDIUM | 6.5 |
| CTX116228 | CVE-2008-5107 | LOW | 1.9 |

Every bulletin above lists the same additional CVE references (CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397) and the same Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer.
No detection rules found.
No public exploits indexed.
## Tenable
blogs_tenable · 2008-12-14 · CVSS 7.8 · [HIGH]
# Marcus Ranum PaulDotCom Interview on Penetration Testing
Ron Gula
December 14, 2008
Tenable's CSO, Marcus Ranum, was recently interviewed on the PaulDotCom Security Weekly podcast. They discussed a wide range of topics regarding penetration testing, secure coding, Marcus's "6 Dumbest Ideas" in computer security and much more.
- Full PaulDotCom show notes.
- Direct link to the show's MP3 audio recording.
- Tenable podcast and slides on Marcus's "6 Dumbest Ideas in Computer Security" presentation from 2006.
- Very cool image of Marcus Ranum demonstrating cutting edge computer security practices.
## Bugzilla
CVE-2026-53287 kernel: audit: fix incorrect inheritable capability in CAPSET records
bugzilla · 2026-06-26 · [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:

audit: fix incorrect inheritable capability in CAPSET records

__audit_log_capset() records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cap_pi (process inheritable) with the value of cap_effective instead of cap_inheritable.

This silently corrupts audit data used for compliance and forensic analysis: an attacker who modifies inheritable capabilities to prepare for a privilege-escalating exec would have the change masked in the audit trail.

The bug has been present since the original introduction of CAPSET audit records in 2008.
Discussion:
Upstream adv
## References
- http://secunia.com/advisories/14954
- http://securityreason.com/securityalert/3848
- http://www.securityfocus.com/archive/1/491247/100/0/threaded
- http://www.securitytracker.com/id?1019920
Published: 2008-04-30