CVE-2011-4054: XSS
First published: Thu Dec 08 2011(Updated: )
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CA SiteMinder | <=6 | |
| CA SiteMinder | <=12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2011-4054?
CVE-2011-4054 is classified as a moderate severity vulnerability due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2011-4054?
To fix CVE-2011-4054, upgrade CA SiteMinder to version R6 SP6 CR7 or R12 SP3 CR8 or later.
What systems are affected by CVE-2011-4054?
CVE-2011-4054 affects CA SiteMinder versions earlier than R6 SP6 CR7 and R12 SP3 CR8.
What type of vulnerability is CVE-2011-4054?
CVE-2011-4054 is a cross-site scripting (XSS) vulnerability.
Can CVE-2011-4054 be exploited remotely?
Yes, CVE-2011-4054 can be exploited remotely by attackers through the postpreservationdata parameter.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ca
- canonical/ca siteminder
- version/ca siteminder/6
- version/ca siteminder/12