Cross-site Scripting Vulnerability in Broadcom Products
CVE-2026-3862

4.6MEDIUM

Key Information:

Vendor: Broadcom
Status: Siteminder
Vendor: CVE Published:; 10 March 2026

What is CVE-2026-3862?

This vulnerability enables attackers to exploit the application by submitting specifically crafted input, which is then rendered unmodified in the web interface. The impact of this issue can lead to unauthorized script execution in the context of a user's session, providing adversaries opportunities to steal sensitive information or perform actions on behalf of the user.

Affected Version(s)

SiteMinder 12.9

SiteMinder 12.8.x

References

https://support.broadcom.com/web/ecx/support-content-noti...

vendor-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-3862 Data

JSON