RSA · RSA EnVision · CVE-2007-4900
Name of the Vulnerable Software and Affected Versions:
RSA EnVision version 3.3.6 Build 0115
Description:
A cross-site scripting (XSS) issue exists in the logon page, allowing remote attackers to inject arbitrary web script or HTML via the `username` field. This could lead to unauthorized actions on the affected system.
Recommendations:
For RSA EnVision version 3.3.6 Build 0115, consider restricting access to the logon page until a fix is available, and avoid using the `username` field in a manner that could facilitate XSS attacks. There is currently no information about a newer version that contains a fix for this vulnerability.