XSS in Broadcom Siteminder

CVE-2013-5968

Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

Broadcom Siteminder — versions 12.0, 12.5, 12.51
Ca Web_agents — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_CONFIRM)
1029237 (vdb-entry, x_refsource_SECTRACK)
98919 (x_refsource_OSVDB, vdb-entry)
20131024 CA20131024-01: Security Notice for CA SiteMinder (mailing-list, x_refsource_BUGTRAQ)
20131024 CA20131024-01: Security Notice for CA SiteMinder (mailing-list, x_refsource_FULLDISC)