CVE-2011-1825
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple stored XSS vulnerabilities in CA Arcot WebFort VAS before 6.2.5 allow remote attackers to inject arbitrary HTML/script via unspecified vectors.
Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities exist in the Administrative Console of CA Arcot WebFort Versatile Authentication Server (VAS) versions prior to 6.2.5. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the administrative interface. Affected versions are all releases before 6.2.5 [1].
Exploitation
An unauthenticated remote attacker can send crafted requests to the Administrative Console to inject malicious script or HTML. The exact attack vectors are not publicly detailed, but the reference notes that the vulnerabilities are remotely exploitable without authentication [1].
Impact
Successful exploitation enables an attacker to execute arbitrary script or HTML in the context of the administrative console, potentially leading to credential theft, session hijacking, or defacement of administrative pages. The attacker could also target other administrators viewing the console.
Mitigation
CA Arcot WebFort VAS version 6.2.5 contains fixes for these XSS vulnerabilities. Users should upgrade to 6.2.5 or later as soon as possible [1]. No workaround has been documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ca:arcot_webfort_versatile_authentication_server:*:*:*:*:*:*:*:* (range: <=6.2.4)
- (no CPE) (range: <6.2.5)
Patches
No patches discovered yet.
References
- secunia.com/advisories/44317 (nvd, Vendor Advisory)
- osvdb.org/72124 (nvd)
- www.securityfocus.com/archive/1/517702/100/0/threaded (nvd)
- www.securityfocus.com/bid/47587 (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2011/1114 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/67104 (nvd)
- support.ca.com/irj/portal/anonymous/phpsupcontent (nvd)