PT-2008-3037 · Rsa · Webid Rsa Authentication Agent
Quentin Berdugo · Published 2008-03-24 · Updated 2018-10-11 · CVE-2008-1470
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
WebID RSA Authentication Agent version 5.3 and possibly earlier
Description
The issue is related to an incomplete blacklist vulnerability in the IISWebAgentIF.dll component. This allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for a previously known issue.
Recommendations
For WebID RSA Authentication Agent version 5.3 and possibly earlier, consider restricting access to the postdata parameter in the affected API endpoint until a comprehensive fix is available. As a temporary workaround, avoid using the postdata parameter to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Webid Rsa Authentication Agent