2 matches found
CVE-2005-2204
CVE-2005-2204 describes a cross-site scripting vulnerability in CA eTrust SiteMinder 5.5. When CSSChecking is set to NO, an attacker can inject arbitrary script/HTML through parameters to smpwservicescgi.exe (PASSWORD, BUFFER) and login.fcc (TARGET), and possibly other vectors. This affects SiteM...
CVE-2007-5923
The CVE-2007-5923 entry describes a Cross-site scripting (XSS) vulnerability in CA eTrust SiteMinder components, specifically in forms/smpwservices.fcc, exposed via the SMAUTHREASON parameter. The vulnerability affects the SiteMinder Agent/web components and could allow an attacker to inject arbi...