Vulnerability Description
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vasco | Digipass | - |
Related Weaknesses (CWE)
References
- https://labs.integrity.pt/advisories/cve-2015-7349/index.html (Exploit, Mitigation, Technical Description)
- https://www.vasco.com/images/de-de/KB_140148_tcm45-47825.pdf (Exploit, Mitigation, Technical Description)
- https://www.vasco.com/support/knowledge-base-articles/kb-140148.html (Exploit, Mitigation, Technical Description)
FAQ
What is CVE-2015-7349?
CVE-2015-7349 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTM...
How severe is CVE-2015-7349?
CVE-2015-7349 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-7349?
Check the references section above for vendor advisories and patch information. Affected products include: Vasco Digipass.