CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2002-0504 – Citrix NFuse 1.51/1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0504
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. Vulnerabilidad de secuencias de comandos de sitios cruzados (cross-site scripting) en Citrix NFuse 1.6 y anteriores no pone entre comillas a los resultados del método getLastError, lo que permite a atacantes remotos ejecutar comandos en otros clientes mediante el parámetro NFuse_Application para lanzar launch.jsp o launch.asp. • https://www.exploit-db.com/exploits/21355 http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html http://www.iss.net/security_center/static/8659.php http://www.securityfocus.com/bid/4372 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0502 – Citrix Nfuse 1.6 - Published Applications Information Leak
https://notcve.org/view.php?id=CVE-2002-0502
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. • https://www.exploit-db.com/exploits/21235 http://www.securityfocus.com/archive/1/251737 http://www.securityfocus.com/archive/1/251923 http://www.securityfocus.com/bid/3926 https://exchange.xforce.ibmcloud.com/vulnerabilities/7984 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0301
https://notcve.org/view.php?id=CVE-2002-0301
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. Citrix NFuse 1.6 permite a atacantes remotos sortear la autenticación y obtener información sensible llamando directamente a launch.asp con parámetros NFUSE_USER y NFUSE_PASSWORD inválidos. • http://marc.info/?l=bugtraq&m=101424947801895&w=2 http://www.securityfocus.com/bid/4142 •