CVE-2014-0623
published 2014-03-27CVE-2014-0623: Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
0.98%
57.7th percentile
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | rsa_authentication_manager | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
RSA Authentication Manager 6.1/8.0/8.1 Self-Service Console cross site scripting (ESA-2014-015 / Nessus ID 73349)
vuldb·2026-05-09·CVSS 4.3
CVE-2014-0623 [MEDIUM] RSA Authentication Manager 6.1/8.0/8.1 Self-Service Console cross site scripting (ESA-2014-015 / Nessus ID 73349)
A vulnerability marked as problematic has been reported in RSA Authentication Manager 6.1/8.0/8.1. Affected by this issue is some unknown functionality of the component Self-Service Console. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2014-0623. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
It is recommended to apply a patch to fix this issue.
GHSA
GHSA-hp2h-7f94-5q5v: Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7
ghsa_unreviewed·2022-05-13
CVE-2014-0623 [MEDIUM] CWE-79 GHSA-hp2h-7f94-5q5v: Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-27
Published