PT-2001-2101 · Valicert · Valicert Enterprise Validation Authority
Published: 2001-12-04 · Updated: 2024-02-14 · CVE-2001-0948
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1
Description
A cross-site scripting issue allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
Recommendations
For versions 3.3 through 4.2.1, consider restricting the ability to include HTML or script in certificate descriptions until a fix is available. As a temporary workaround, avoid viewing certificates that may contain malicious code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
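The issue class described above, as an added example that is not ValiCert's code and not part of the original advisory: a hypothetical certificate-listing view that interpolates the description unescaped, next to a version that HTML-escapes every certificate-derived field at output time, plus an input-side check that flags descriptions carrying markup. The field names, function names and sample certificate are assumptions made for illustration.

```python
import html
import re

# Constructed sample: certificate fields as a hypothetical admin view receives them.
# The description is untrusted because it comes from the certificate itself.
SAMPLE_CERT = {
    "serial": "01:A4:7F",
    "subject": "CN=test.example",
    "description": 'Web server cert<script>document.title="spoofed"</script>',
}

ROW = "<tr><td>{serial}</td><td>{subject}</td><td>{description}</td></tr>"

# Tags, character entities or script URLs have no place in a plain-text description.
MARKUP = re.compile(r"<[^>]*>|&#?\w+;|\bjavascript:", re.IGNORECASE)


def render_row_unsafe(cert):
    """Vulnerable pattern: certificate fields are interpolated into HTML as-is."""
    return ROW.format(**cert)


def render_row_safe(cert):
    """Hardened: every certificate-derived field is HTML-escaped at output time."""
    escaped = {k: html.escape(str(v), quote=True) for k, v in cert.items()}
    return ROW.format(**escaped)


def has_markup(value):
    """Input-side check: True when a field should be rejected or held for review."""
    return bool(MARKUP.search(value))


if __name__ == "__main__":
    print("unsafe :", render_row_unsafe(SAMPLE_CERT))
    print("safe   :", render_row_safe(SAMPLE_CERT))
    print("flagged:", has_markup(SAMPLE_CERT["description"]))
```

Escaping at output is the control that closes the hole; the input check only reduces what reaches the view and helps find certificates that were already stored with markup.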
Related Identifiers
Affected Products
Valicert Enterprise Validation Authority