EMC RSA Authentication Manager < 8.2 SP1 Patch 1 Token Profile Name Stored XSS (ESA-2017-068)
Low Nessus Plugin ID 101846
Synopsis
An application running on the remote host is affected by a cross-site scripting vulnerability.
Description
The version of EMC RSA Authentication Manager running on the remote host is prior to 8.2 SP1 Patch 1 (22.214.171.124). It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability due to a failure to validate user-supplied input to names of token profiles before returning them to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Solution
Upgrade to EMC RSA Authentication Manager version 8.2 SP1 Patch 1 (126.96.36.199) or later.