CVE-2013-5968
CA SiteMinder Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
Vulnerabilidad cross-site scripting (XSS) en CA SiteMinder de la version 12.0 hasta la 12.51, y SiteMinder 6 Web Agents, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores que involucran un caracter " (comillas dobles).
CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-10-01 CVE Reserved
- 2013-10-25 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-10/0120.html | Mailing List | |
| http://osvdb.org/98919 | Vdb Entry | |
| http://seclists.org/fulldisclosure/2013/Oct/230 | Mailing List |
|
| http://www.securitytracker.com/id/1029237 | Vdb Entry | |
| https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B9B8E7A8A-2A00-4456-A7CC-8C2E74AA7EA5%7D | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ca Search vendor "Ca" | Web Agents Search vendor "Ca" for product "Web Agents" | 6.0 Search vendor "Ca" for product "Web Agents" and version "6.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Siteminder Search vendor "Broadcom" for product "Siteminder" | 12.0 Search vendor "Broadcom" for product "Siteminder" and version "12.0" | sp1 |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Siteminder Search vendor "Broadcom" for product "Siteminder" | 12.0 Search vendor "Broadcom" for product "Siteminder" and version "12.0" | sp2 |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Siteminder Search vendor "Broadcom" for product "Siteminder" | 12.0 Search vendor "Broadcom" for product "Siteminder" and version "12.0" | sp3 |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Siteminder Search vendor "Broadcom" for product "Siteminder" | 12.5 Search vendor "Broadcom" for product "Siteminder" and version "12.5" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Siteminder Search vendor "Broadcom" for product "Siteminder" | 12.51 Search vendor "Broadcom" for product "Siteminder" and version "12.51" | - |
Affected
| ||||||