CVE-2016-0925

EUVD-2016-0936
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
emcrsa_adaptive_authentication_on-premise
𝑥
≤ 7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2016/Sep/33
http://www.securityfocus.com/bid/93025
http://www.securitytracker.com/id/1036851
http://seclists.org/bugtraq/2016/Sep/33
http://www.securityfocus.com/bid/93025
http://www.securitytracker.com/id/1036851