This host is running CA SiteMinder and is prone to cross-site scripting vulnerability.

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade to CA SiteMinder R6 SP6 CR8, R12 SP3 CR9 or later. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={A7DA8AC2-E9B4-4DDE-B828-098E0955A344}

The flaw is due to improper validation of user-supplied input passed to the 'target' POST parameter in login.fcc (when 'postpreservationdata' is set to 'fail'), which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

CA SiteMinder R6 SP6 CR7 and earlier CA SiteMinder R12 SP3 CR8 and earlier

• http://osvdb.org/show/osvdb/77570
• http://secunia.com/advisories/47167
• http://securitytracker.com/id/1026394
• http://www.kb.cert.org/vuls/id/713012

---

Updated on 2017-03-28