CVE-2011-1825

Published: May 5, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (1)

Products: Ca: Arcot Webfort Versatile Authentication Server

1 product

Arcot Webfort Versatile Authentication Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ca Arcot Webfort Versatile Authentication Server	Up to 6.2.4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://osvdb.org/72124

Source: cve@mitre.org

http://secunia.com/advisories/44317

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/517702/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/47587

Source: cve@mitre.org

http://www.securitytracker.com/id?1025444

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/1114

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/67104

Source: cve@mitre.org

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BA71F5839-D214-4719-B918-4476E4537998%7D

Source: cve@mitre.org

http://osvdb.org/72124