CVE-2026-3862
- EPSS 0.03%
- Veröffentlicht 10.03.2026 14:52:52
- Zuletzt bearbeitet 07.05.2026 18:21:07
Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
CVE-2013-5968
- EPSS 0.3%
- Veröffentlicht 29.10.2013 03:42:34
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
CVE-2011-1718
- EPSS 0.84%
- Veröffentlicht 27.04.2011 01:25:33
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
CVE-2009-2705
- EPSS 1.51%
- Veröffentlicht 11.08.2009 10:30:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.