CVE-2024-36459 Information

Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result an attacker can execute arbitrary Javascript code in a client browser.

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537 https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1