Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
References
Configurations
History
20 Nov 2024, 23:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=112084050624959&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=112110963416714&w=2 - | |
References | () http://secunia.com/advisories/15956 - | |
References | () http://securitytracker.com/id?1014433 - Exploit | |
References | () http://www.osvdb.org/17809 - | |
References | () http://www.osvdb.org/17810 - | |
References | () http://www.vupen.com/english/advisories/2005/1040 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/21305 - |
Information
Published : 2005-07-11 04:00
Updated : 2024-11-20 23:59
NVD link : CVE-2005-2204
Mitre link : CVE-2005-2204
CVE.ORG link : CVE-2005-2204
JSON object : View
Products Affected
broadcom
- etrust_siteminder
CWE