vulnerability note CVE-2009-3731

CA SiteMinder: Cross Site Scripting via WebWorks Help

Synthesis of the vulnerability

An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder.

Severity: 2/4. Creation date: 05/03/2010.

Description of the vulnerability

The WebWorks Help (wwhelp) format is used to create online help pages. It is used by the CA SiteMinder product. However, a Cross Site Scripting was announced in WebWorks Help. It also impacts CA SiteMinder. An attacker can therefore invite the victim to access to a malicious url, in order to execute JavaScript code in the context of the CA SiteMinder product.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: CA SiteMinder: Cross Site Scripting via WebWorks Help. Keywords: Cross Help JavaScript Scripting Site SiteMinder WebWorks. Identifiers: CA20100304-01, CVE-2009-3731, VIGILANCE-VUL-9499.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service