CVE-2005-2204
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://securitytracker.com/id?1014433
- http://secunia.com/advisories/15956
- http://www.osvdb.org/17809
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21305
- http://www.osvdb.org/17810
- http://marc.info/?l=bugtraq&m=112110963416714&w=2
- http://marc.info/?l=bugtraq&m=112084050624959&w=2
- http://www.vupen.com/english/advisories/2005/1040
References
- http://securitytracker.com/id?1014433
- http://secunia.com/advisories/15956
- http://www.osvdb.org/17809
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21305
- http://www.osvdb.org/17810
- http://marc.info/?l=bugtraq&m=112110963416714&w=2
- http://marc.info/?l=bugtraq&m=112084050624959&w=2
- http://www.vupen.com/english/advisories/2005/1040
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.