CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3253
https://notcve.org/view.php?id=CVE-2008-3253
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en las interfaces XenAPI HTTP en Citrix XenServer Express, Standard, y Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express y Enterprise) 4.1.0; y HP integrated Citrix XenServer (Select y Enterprise) 4.1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/31133 http://support.citrix.com/article/CTX117814 http://www.securityfocus.com/bid/30265 http://www.securitytracker.com/id?1020515 http://www.vupen.com/english/advisories/2008/2117/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43857 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •