Signature Detail
Short Name |
HTTP:XSS:HTML-SCRIPT-IN-POST |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Category |
HTTP |
Keywords |
HTML Script Tag Embedded in Post Submission |
Release Date |
2009/11/24 |
Update Number |
1551 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: HTML Script Tag Embedded in Post Submission
This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings. This signature can false positive on valid submissions containing scripts.
Extended Description
Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. We were not told which versions are affected. We will update this BID as more information emerges.
Affected Products
- Computer Associates SiteMinder 6.0
- Computer Associates SiteMinder
- Computer Associates SiteMinder Web Agent
References
- BugTraq: 66973
- BugTraq: 70352
- BugTraq: 26375
- CERT: CA-2000-02
- CVE: CVE-2013-3180
- CVE: CVE-2012-0233
- CVE: CVE-2007-5923
- CVE: CVE-2011-4156
- CVE: CVE-2011-4155
- CVE: CVE-2014-4075
- CVE: CVE-2011-2260
- CVE: CVE-2013-6039
- URL: http://php-security.org/MOPB/MOPB-08-2007.html