CVE-2026-3862
- EPSS 0.06%
- Veröffentlicht 10.03.2026 14:52:52
- Zuletzt bearbeitet 11.03.2026 13:53:20
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
CVE-2013-5968
- EPSS 0.3%
- Veröffentlicht 29.10.2013 03:42:34
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
CVE-2011-1718
- EPSS 0.84%
- Veröffentlicht 27.04.2011 01:25:33
- Zuletzt bearbeitet 11.04.2025 00:51:21
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVE-2009-2705
- EPSS 1.51%
- Veröffentlicht 11.08.2009 10:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.