VYPR

Siteminder

by Broadcom Corporation

CVEs (6)

  • CVE-2026-3862 | Med | Mar 10, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.

  • CVE-2009-2705 | Aug 11, 2009
    risk 0.03 | cvss | epss 0.04

    CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

  • CVE-2007-5923 | Nov 10, 2007
    risk 0.03 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.

  • CVE-2013-5968 | Oct 29, 2013
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

  • CVE-2011-1718 | Apr 27, 2011
    risk 0.00 | cvss | epss 0.02

    The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

  • CVE-2005-2204 | Jul 11, 2005
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3)…