Vulnerability Description
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Valicert | Enterprise Validation Authority | 3.3 |
References
- http://marc.info/?l=bugtraq&m=100749428517090&w=2
- http://www.securityfocus.com/bid/3619PatchVendor Advisory
- http://www.valicert.com/support/security_advisory_eva.htmlVendor AdvisoryURL Repurposed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7650
- http://marc.info/?l=bugtraq&m=100749428517090&w=2
- http://www.securityfocus.com/bid/3619PatchVendor Advisory
- http://www.valicert.com/support/security_advisory_eva.htmlVendor AdvisoryURL Repurposed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7650
FAQ
What is CVE-2001-0948?
CVE-2001-0948 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including...
How severe is CVE-2001-0948?
CVE-2001-0948 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0948?
Check the references section above for vendor advisories and patch information. Affected products include: Valicert Enterprise Validation Authority.