Short Name |
HTTP:XSS:HTML-SCRIPT-IN-POST |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
HTML Script Tag Embedded in Post Submission |
Release Date |
2009/11/24 |
Update Number |
1551 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts at cross-site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which can violate site security settings. This signature can false positive on valid submissions containing scripts.
Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. We were not told which versions are affected. We will update this BID as more information emerges.