Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The SiteMinder - DOM Cross-Site Scripting
module is designed to identify a high severity cross-site scripting vulnerability in SiteMinder's document object model. This module targets SiteMinder, a software that provides centralized web access management and authentication.
This module can detect misconfiguration or vulnerability in SiteMinder. It works by sending HTTP requests to specific paths and then matching the response against predefined conditions. The module requires the response to have a status code of 200, contain the text "="confirm(document.domain)">
you cannot access your", and have the header set to "text/html".
The impact of this vulnerability can be severe, as it allows an attacker to inject malicious scripts into the affected web application, leading to potential data theft, session hijacking, or unauthorized actions.
Author: Unknown