Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
CA eTrust SiteMinder smpwservicescgi.exe PASSWORD Parameter XSS
Remote / Network Access
Loss of Integrity
CA eTrust SiteMinder contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because, when the 'CSSChecking' parameter is set to "NO", the application does not validate the 'PASSWORD' parameter upon submission to the smpwservicescgi.exe script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by making sure the 'CSSChecking' parameter has not been set to "NO".