VYPR
← All advisories
Unrated severityNVD Advisory· Published May 5, 2011· Updated Apr 29, 2026

CVE-2011-1423

CVE-2011-1423

Description

Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in RSA DLP Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in RSA Data Loss Prevention (DLP) Enterprise Manager versions 8.x prior to 8.5 SP1 [1]. The issue stems from improper input validation, allowing an attacker to inject arbitrary web script or HTML through unspecified vectors [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication, but the attack complexity is medium [1]. The attacker crafts a malicious request that, when processed by the vulnerable application, injects script into a page viewed by an authenticated administrator. No specific user interaction beyond the victim viewing the crafted page is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script in the context of the victim's session, leading to partial confidentiality and integrity impact (e.g., data theft, session hijacking). Availability is not affected [1].

Mitigation

RSA recommends upgrading to RSA DLP Enterprise Manager version 8.5 SP1, which contains the fix for this vulnerability [1]. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. RSA Data Loss Prevention security vulnerability

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • EMC Corporation/Data Loss Prevention Enterprise Manager3 versions
    cpe:2.3:a:emc:data_loss_prevention_enterprise_manager:8.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:emc:data_loss_prevention_enterprise_manager:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:emc:data_loss_prevention_enterprise_manager:8.5:*:*:*:*:*:*:*
    • (no CPE)range: <8.5 SP1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.