CVE-2001-0948

medium

Description

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7650

http://www.valicert.com/support/security_advisory_eva.html

http://www.securityfocus.com/bid/3619

http://marc.info/?l=bugtraq&m=100749428517090&w=2

Details

Source: Mitre, NVD

Published: 2001-12-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02441