ValiCert Enterprise Validation Authority Code Execution Vulnerability

The ValiCert Validation Authority delivers a comprehensive, scalable and reliable framework for validating digital certificates, issued by any certificate authority, in real time.

It is reportedly possible for a user to include HTML code in the description field when creating a certificate. Upon viewing the certificate from the ValiCert adminsistrative server, the HTML will be rendered as part of the interface.

Attackers may exploit this vulnerability to launch cross-site scripting attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus