Priority vulnerability associated with SiteMinder, related to the following
Release : R12.52 webagents
You can see in the URLs below, they all go to the same path, /siteminderagent/forms/smpwservices.fcc.
The main difference is the parameter where the payload goes, but they are both related to password services.
In such cases, the problem is that the input that is entered on the USERNAME parameter is entered directly into the DOM with the method document.write(), which is inherently susceptible to XSS as it can insert HTML and JavaScript into the DOM. You can see that in the HTTP response for any of the reported URLs in this example.
FCCHTMLEncoding = no
FCCHTMLEncodingChars = %22,%26,%27,%3c,%3e,%5c