Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

CA Single Sign On Agents (SiteMinder)



27 May 2023







The Symantec SiteMinder Web Agent is susceptible to cross-site scripting attacks in which an attack URL is presented to unsuspecting users. When a user clicks on the URL, an application may return a page to the browser that includes the input characters, along with an error message about bad parameters on the query string. Displaying these parameters in the browser can lead to an unwanted script being executed in the browser.

This advisory provides guidelines to help customers prevent such attacks.

Affected Product(s)

Symantec SiteMinder WebAgent
CVE: CVE-2023-23956
Supported Version(s): WebAgent 12.52
Remediation: Please follow the below-documented guidelines.


Issue Details

Severity / CVSS v3.0: Medium / 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
References: NVD: CVE-2023-23956
Impact: Cross-Site Scripting
Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser
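
The reflection described in this advisory, as an added example that is not Symantec's code and not the advisory's own guidance: a hypothetical error page that echoes rejected query-string parameters, rendered once without and once with HTML output encoding. The function names, the `target` parameter, the sample URL and the response-header policy are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request: the value carries markup that a browser
# would parse if it were echoed back unencoded.
SAMPLE_URL = "https://sso.example.test/login?target=%3Cscript%3Ealert(1)%3C/script%3E"

ERROR_TEMPLATE = (
    "<html><body><p>Bad parameters on query string:</p>"
    "<ul>{items}</ul></body></html>"
)


def bad_params(url):
    """Return (name, value) pairs from the query string, percent-decoded."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def render_error_unsafe(url):
    """Vulnerable form: decoded input is concatenated straight into HTML."""
    items = "".join(f"<li>{n} = {v}</li>" for n, v in bad_params(url))
    return ERROR_TEMPLATE.format(items=items)


def render_error_encoded(url):
    """Hardened form: names and values are HTML-encoded before output."""
    items = "".join(
        f"<li>{escape(n, quote=True)} = {escape(v, quote=True)}</li>"
        for n, v in bad_params(url)
    )
    return ERROR_TEMPLATE.format(items=items)


def response_headers():
    """Defence in depth for the error page (assumed policy, adjust per site)."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    }
```

Both the parameter name and the value are encoded, because either one can carry markup once the query string has been percent-decoded.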


Mitigation & Additional Information

Customers can prevent the above-mentioned cross-site scripting attacks by following these guidelines:



2023-May-27 Initial public release