CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36459 – Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent
https://notcve.org/view.php?id=CVE-2024-36459
14 Jun 2024 — A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser. Se ha identificado una vulnerabilidad de cross-site scripting CRLF en determinadas configuraciones del Agente web de SiteMinder para el servidor web IIS y del Agente web de SiteMinder para el servidor web Domino. Como resultado, un atacante pued... • https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 2CVE-2023-23956 – Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23956
30 May 2023 — A user can supply malicious HTML and JavaScript code that will be executed in the client browser Symantec SiteMinder WebAgent version 12.52 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/173038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-10001 – Netegrity SiteMinder Login smpwservicescgi.exe redirect
https://notcve.org/view.php?id=CVE-2005-10001
28 Mar 2022 — A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Se ha encontrado una vulnerabilidad en Netegrity SiteMinder versiones hasta 4.5.1, y Ha sido clas... • https://vuldb.com/?id.1022 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •