Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbArshan DabirsiaghiEDB-ID:33178
HistoryJun 08, 2009 - 12:00 a.m.

Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass

2009-06-0800:00:00
Arshan Dabirsiaghi
www.exploit-db.com
22

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

42.4%

JSON
source: https://www.securityfocus.com/bid/36086/info

Computer Associates SiteMinder is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.

An attacker can exploit this issue to bypass cross-site scripting protections. Successful exploits can aid in further attacks.

We don't know which versions of SiteMinder are affected. We will update this BID when more details become available. 

http://www.example.com/app/function?foo=bar%00<script>alert(document.cookie)</script>

Related

cve 1
prion 1
cvelist 1
nvd 1
seebug 1
cve
cve
CVE-2009-2704
2009-08-11 10:30:00
prion
prion
Cross site scripting
2009-08-11 10:30:00
cvelist
cvelist
CVE-2009-2704
2009-08-11 10:00:00
nvd
nvd
CVE-2009-2704
2009-08-11 10:30:00
seebug
seebug
CA SiteMinder GET请求多个跨站脚本漏洞
2009-08-26 00:00:00

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

42.4%

JSON
Related for EDB-ID:33178
cve1prion1cvelist1nvd1seebug1