CVE-2007-4900

Name of the Vulnerable Software and Affected Versions: RSA EnVision version 3.3.6 Build 0115

Description: A cross-site scripting (XSS) issue exists in the logon page, allowing remote attackers to inject arbitrary web script or HTML via the username field. This could potentially lead to unauthorized actions on the affected system.

Recommendations: For RSA EnVision version 3.3.6 Build 0115, consider restricting access to the logon page until a fix is available, and avoid using the username field in a manner that could facilitate XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.