CVE-2024-36459

HIGH

SiteMinder - XSS

Title source: llm

Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

References (2)

[Various Sources] https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1

[Various Sources] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537

Scores

CVSS v4 8.4

EPSS 0.0032

EPSS Percentile 55.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-93

Status published

Products (2)

Broadcom/Symantec SiteMinder R 12.52 SP1 CR11 and below

Broadcom/Symantec SiteMinder R12.8

Published Jun 14, 2024

Tracked Since Feb 18, 2026