{ "CVE_data_meta" : { "ASSIGNER" : "security_alert@emc.com", "DATE_PUBLIC" : "2018-06-12T04:00:00.000Z", "ID" : "CVE-2018-1254", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "RSA Authentication Manager", "version" : { "version_data" : [ { "affected" : "<=", "version_value" : "8.3 P1" } ] } } ] }, "vendor_name" : "RSA" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "Reflected cross-site scripting vulnerability" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20180612 DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities", "refsource" : "FULLDISC", "url" : "http://seclists.org/fulldisclosure/2018/Jun/39" }, { "name" : "104534", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/104534" }, { "name" : "1041134", "refsource" : "SECTRACK", "url" : "http://www.securitytracker.com/id/1041134" } ] }, "source" : { "discovery" : "UNKNOWN" } }