Arbitrary Code Execution and False Information Display Vulnerability in ValiCert Enterprise Validation Authority (EVA)

Arbitrary Code Execution and False Information Display Vulnerability in ValiCert Enterprise Validation Authority (EVA)

CVE-2001-0948 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

Learn more about our Web Application Penetration Testing UK.