CVE-2005-2204 - Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the

CVE-2005-2204

Summary

Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:etrust_siteminder:5.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_siteminder:5.5:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-04-2021 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20050708 SiteMinder Multiple Vulnerabilities 20050711 Re: SiteMinder Multiple Vulnerabilities
osvdb	17809 17810
sectrack	1014433
secunia	15956
vupen	ADV-2005-1040
xf	ca-siteminder-smpwservicescgi-xss(21305)

Last major update

09-04-2021 - 16:30

Published

11-07-2005 - 04:00

Last modified

09-04-2021 - 16:30