CVE-2005-2204
eTrust SiteMinder 5.5 - Cross-Site Scripting via PASSWORD/BUFFER/TARGET Parameters
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
References (8)
Core 8
Core References
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014433
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15956
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/17809
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21305
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/17810
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112110963416714&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112084050624959&w=2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1040
Scores
EPSS
0.0096
EPSS Percentile
76.7%
Details
Status
published
Products (1)
broadcom/etrust_siteminder
5.5
Published
Jul 11, 2005
Tracked Since
Feb 18, 2026