HTTP: HTML Script Tag Embedded in Post Submission

This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings. This signature can produce false positives on valid submissions containing scripts.

Extended Description

Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. We were not told which versions are affected. We will update this BID as more information emerges.

Affected Products

Computer_associates siteminder

Short Name
HTTP:XSS:HTML-SCRIPT-IN-POST
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-2000-02 CVE-2007-5923 CVE-2010-1486 CVE-2011-2260 CVE-2011-4155 CVE-2011-4156 CVE-2012-0233 CVE-2012-2908 CVE-2012-3183 CVE-2012-3184 CVE-2012-5228 CVE-2012-5315 CVE-2013-3180 CVE-2013-6039 CVE-2014-10034 CVE-2014-4075 CVE-2015-1575 CVE-2015-3440 CVE-2016-0711 CVE-2017-14618 CVE-2017-5798 CVE-2018-8006 CVE-2019-17115 CVE-2021-21630 CVE-2021-40577 Embedded HTML Post Script Submission Tag bid:26375 bid:66973 bid:70352 in
Release Date
11/24/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Frequently
Vendors

Computer_associates

CVSS Score

6.5

7.5

4.3

3.5

4.9

5.8
