CVE-2011-4054

CA SiteMinder <R6 SP6, R12 SP3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/713012

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/MAPG-8MCH2B

Scores

EPSS 0.0089

EPSS Percentile 75.3%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

ca/siteminder < 6

ca/siteminder < 12

Timeline

Published Dec 08, 2011

Tracked Since Feb 18, 2026