CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2002-0504 – Citrix NFuse 1.51/1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0504
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. Vulnerabilidad de secuencias de comandos de sitios cruzados (cross-site scripting) en Citrix NFuse 1.6 y anteriores no pone entre comillas a los resultados del método getLastError, lo que permite a atacantes remotos ejecutar comandos en otros clientes mediante el parámetro NFuse_Application para lanzar launch.jsp o launch.asp. • https://www.exploit-db.com/exploits/21355 http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html http://www.iss.net/security_center/static/8659.php http://www.securityfocus.com/bid/4372 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0503
https://notcve.org/view.php?id=CVE-2002-0503
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. Vulnerabilidad de atravesamiento de directorios en boilerplate.asp para Citrix NFuse 1.5 permite a usuarios identificados remotamente leer ficheros mediante un .. (punto punto) en el parámetro NFuse_Template. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html http://www.iss.net/security_center/static/8654.php http://www.securityfocus.com/bid/4382 •