cvedb.io
CVE-2017-8000
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2017-07-17T14:29:01.107 · Last modified 2026-06-17T01:25:37.310

Summary

In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.

Affected products

emc — rsa_authentication_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when emc ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.