Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificates description, which is executed when the certificate is viewed.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_validation_authority | Valicert | 3.3 (including) | 3.3 (including) |
| Enterprise_validation_authority | Valicert | 3.4 (including) | 3.4 (including) |
| Enterprise_validation_authority | Valicert | 3.5 (including) | 3.5 (including) |
| Enterprise_validation_authority | Valicert | 3.6 (including) | 3.6 (including) |
| Enterprise_validation_authority | Valicert | 3.7 (including) | 3.7 (including) |
| Enterprise_validation_authority | Valicert | 3.8 (including) | 3.8 (including) |
| Enterprise_validation_authority | Valicert | 3.9 (including) | 3.9 (including) |
| Enterprise_validation_authority | Valicert | 4.0 (including) | 4.0 (including) |
| Enterprise_validation_authority | Valicert | 4.1 (including) | 4.1 (including) |
| Enterprise_validation_authority | Valicert | 4.2 (including) | 4.2 (including) |
| Enterprise_validation_authority | Valicert | 4.2.1 (including) | 4.2.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2
- http://www.securityfocus.com/bid/3619
- http://www.valicert.com/support/security_advisory_eva.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7650
- http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2
- http://www.securityfocus.com/bid/3619
- http://www.valicert.com/support/security_advisory_eva.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7650