CVE-2026-3862

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 80.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Siteminder
Timeline
PublishedMar 10

Description

Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5broadcom/siteminder12.8.x, 12.9+1

🔴Vulnerability Details

2
GHSA
GHSA-5p5r-v3f4-wcfv: Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web pag2026-03-10
CVEList
Cross-Site Scripting Vulnerability in SiteMinder Administrative UI2026-03-10
CVE-2026-3862 (MEDIUM CVSS 4.6) | Cross-site Scripting (XSS) allows a | cvebase.io