A security vulnerability was reported after a server vulnerability scan.
The page referenced by the scan is an out-of-the-box (OOTB) page and authentication scheme.
Severity Rating: Medium
Vulnerability Summary: Cross-Site Scripting (XSS)
Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application.
Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware.
All policy server releases: 12.8
1. During password services processing, a user request is redirected multiple times. When the request is redirected, the login ID (typically the username) that the user entered is appended to the request URL by default. To change this default so that the login ID (username) is not appended to redirects, follow the procedure in the documentation (Remove the Login ID When Redirecting for Password Services):
3. Additionally, one can set the Agent Configuration Object (ACO) parameter SecureURLs (which specifies whether the Web Agent encrypts the SiteMinder query parameters in a redirect URL). This option is often not practical to implement because a large number of applications and agents are already integrated in production. However, it is the definitive solution.
SecureURLs encrypts the query string parameters in redirection URLs within a single sign-on environment. When enabling it, ensure that all Web Agents in the single sign-on environment have the SecureURLs parameter set to the same value.
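To confirm that the change from step 1 took effect, the following added Python check (not code from this article or from SiteMinder) walks a captured redirect chain and reports every hop whose path or query parameter still carries the login ID that was submitted; the host, paths and parameter names in the sample chains are constructed placeholders.

```python
"""Check a password-services redirect chain for the submitted login ID.
Added example, not code from the KB article or from SiteMinder."""
from urllib.parse import urlsplit, parse_qsl, unquote


def login_id_hits(redirect_chain, login_id):
    """Return one (hop, location) tuple per place the login ID shows up.

    hop is the 0-based index of the Location header in the chain;
    location is the query parameter name, or 'path' when the ID sits in
    the URL path. Values are URL-decoded before matching, and the match
    is case-insensitive, so 'j%2Edoe' and 'J.DOE' both count as hits.
    """
    needle = login_id.lower()
    hits = []
    for hop, url in enumerate(redirect_chain):
        parts = urlsplit(url)
        if needle in unquote(parts.path).lower():
            hits.append((hop, "path"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double-encoding
            if needle in unquote(value).lower():
                hits.append((hop, name))
    return hits


def chain_is_clean(redirect_chain, login_id):
    """True when no hop of the chain carries the login ID."""
    return not login_id_hits(redirect_chain, login_id)


# Constructed sample chains: the Location headers seen after submitting
# the login ID 'j.doe'. Host, paths and parameter names are placeholders,
# not SiteMinder's real ones.
BEFORE_FIX = [
    "https://sso.example.test/forms/login?TARGET=%2Fapp",
    "https://sso.example.test/pwservices?USER=j.doe&TARGET=%2Fapp",
    "https://sso.example.test/forms/changepw?USER=j%2Edoe",
]
AFTER_FIX = [
    "https://sso.example.test/forms/login?TARGET=%2Fapp",
    "https://sso.example.test/pwservices?TARGET=%2Fapp",
    "https://sso.example.test/forms/changepw",
]

if __name__ == "__main__":
    print("before fix:", login_id_hits(BEFORE_FIX, "j.doe"))
    print("after fix clean:", chain_is_clean(AFTER_FIX, "j.doe"))
```

Capture the chain with redirects disabled in whatever HTTP client you use, feeding each Location header back in until the final page is reached, then run the check with the exact login ID you typed.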