Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain.

Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.