← volver
CVE-2024-36459

Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

CVSS 8.4 HIGHEPSS 0.4%CWE-93
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
Productos afectados
Broadcom · Symantec SiteMinder

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537