
CVE-2024-36459 – Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent
https://notcve.org/view.php?id=CVE-2024-36459
14 Jun 2024 — A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client browser. • https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVE-2023-23956 – Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23956
30 May 2023 — A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Symantec SiteMinder WebAgent version 12.52 suffers from a cross-site scripting vulnerability. • https://packetstorm.news/files/id/173038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-10001 – Netegrity SiteMinder Login smpwservicescgi.exe redirect
https://notcve.org/view.php?id=CVE-2005-10001
28 Mar 2022 — A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://vuldb.com/?id.1022 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2013-5968 – CA SiteMinder Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5968
25 Oct 2013 — Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character. CA Technologies S... • http://archives.neohapsis.com/archives/bugtraq/2013-10/0120.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-1718
https://notcve.org/view.php?id=CVE-2011-1718
27 Apr 2011 — The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data. • http://secunia.com/advisories/44218 • CWE-20: Improper Input Validation •

CVE-2009-2705 – Computer Associates SiteMinder - Unicode Cross-Site Scripting Protection Security Bypass
https://notcve.org/view.php?id=CVE-2009-2705
11 Aug 2009 — CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. • https://www.exploit-db.com/exploits/33181 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-5923 – Computer Associates SiteMinder - Web Agent Smpwservices.FCC Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5923
10 Nov 2007 — Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. • https://www.exploit-db.com/exploits/30746 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2005-2204
https://notcve.org/view.php?id=CVE-2005-2204
11 Jul 2005 — Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. • http://marc.info/?l=bugtraq&m=112084050624959&w=2 •