CVE-2003-0389 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Rsa	Ace Agent	5.0

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.htmlExploitPatchVendor Advisory
http://www.rapid7.com/advisories/R7-0014.htmlExploitPatchVendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.htmlExploitPatchVendor Advisory
http://www.rapid7.com/advisories/R7-0014.htmlExploitPatchVendor Advisory

FAQ

What is CVE-2003-0389?

CVE-2003-0389 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause us...

How severe is CVE-2003-0389?

CVE-2003-0389 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0389?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Ace Agent.