Date: Sun, 14 Aug 2005 18:01:50 -0400
Organization: Rodrigo Gutierrez Security Consulting
Subject: [Full-disclosure] RSA XSS Vulnerabilities

RSA XSS Vulnerabilities

Author: Rodrigo Gutierrez

Affected: RSA "Speaking of Security" Blog

Status: Notified Hereby

Vendor url:


RSA secures more than 15 million user identities, safeguards trillions of business transactions annually and manages the confidentiality of data in tens of thousands of applications worldwide. 3 cross site scripting vulnerabilities has been discovered in their Blog "Speaking of Security" ;) .


An attacker could gather data from the blog's users by fooling them, to access the modified vulnerable application.

Proof of Concept'XS S');%3C/script%3E'X SS');%3C/script%3E'XSS' );%3C/script%3E

Just for the picture ;) %75%74%69%65%72%72%65%7a 7%75%74%69%65%72%72%65%7a

Speaking of Security

RSA should spend some of those $307.5 million they earned in 2004 to audit their web applications.

main page ATTRITION feedback