CVE-2026-3862 MEDIUM

CVE-2026-3862: Cross-Site Scripting Vulnerability in SiteMinder Administrative UI

Vendor Broadcom
Product SiteMinder
Published March 10, 2026
Last update March 10, 2026

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/RE:M/U:Green

What the vulnerability does

01Description

Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 10, 2026 Record updated