CVE-2019-18574 MEDIUM

CVE-2019-18574

Vendor Dell
Product RSA Authentication Manager
Weakness CWE-79 · XSS
Published December 3, 2019
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.

Key dates

02Disclosure timeline

December 3, 2019 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking CVE-2025-52486 DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects CVE-2022-46907 Apache JSPWiki: XSS Injection points in several plugins CVE-2026-0664 Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting