CVE-2005-2204 Information

Description

Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO", allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.

Reference

http://marc.info/?l=bugtraq&m=112084050624959&w=2
http://marc.info/?l=bugtraq&m=112110963416714&w=2
http://secunia.com/advisories/15956
http://securitytracker.com/id?1014433
http://www.osvdb.org/17809
http://www.osvdb.org/17810
http://www.vupen.com/english/advisories/2005/1040
https://exchange.xforce.ibmcloud.com/vulnerabilities/21305
