CVE-2018-1255 MEDIUM

CVE-2018-1255: Reflected Cross-Site Scripting Vulnerability

Vendor Rsa
Product RSA Identity Governance and Lifecycle
Published July 13, 2018
Last update September 17, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

Key dates

02Disclosure timeline

July 13, 2018 CVE published
September 17, 2024 Record updated