CVE-2001-0948 | Vulnerability Database | Aqua Security

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificates description, which is executed when the certificate is viewed.

Affected Software

Name	Vendor	Start Version	End Version
Enterprise_validation_authority	Valicert	3.3 (including)	3.3 (including)
Enterprise_validation_authority	Valicert	3.4 (including)	3.4 (including)
Enterprise_validation_authority	Valicert	3.5 (including)	3.5 (including)
Enterprise_validation_authority	Valicert	3.6 (including)	3.6 (including)
Enterprise_validation_authority	Valicert	3.7 (including)	3.7 (including)
Enterprise_validation_authority	Valicert	3.8 (including)	3.8 (including)
Enterprise_validation_authority	Valicert	3.9 (including)	3.9 (including)
Enterprise_validation_authority	Valicert	4.0 (including)	4.0 (including)
Enterprise_validation_authority	Valicert	4.1 (including)	4.1 (including)
Enterprise_validation_authority	Valicert	4.2 (including)	4.2 (including)
Enterprise_validation_authority	Valicert	4.2.1 (including)	4.2.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=100749428517090\u0026w=2
http://www.securityfocus.com/bid/3619
http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7650

NVD	https://nvd.nist.gov/vuln/detail/CVE-2001-0948
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html