CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3971
https://notcve.org/view.php?id=CVE-2005-3971
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://secunia.com/advisories/17819 http://securitytracker.com/id?1015304 http://securitytracker.com/id?1015305 http://support.citrix.com/article/CTX108208 http://www.securityfocus.com/bid/15664 http://www.vupen.com/english/advisories/2005/2676 https://exchange.xforce.ibmcloud.com/vulnerabilities/23396 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0502 – Citrix Nfuse 1.6 - Published Applications Information Leak
https://notcve.org/view.php?id=CVE-2002-0502
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. • https://www.exploit-db.com/exploits/21235 http://www.securityfocus.com/archive/1/251737 http://www.securityfocus.com/archive/1/251923 http://www.securityfocus.com/bid/3926 https://exchange.xforce.ibmcloud.com/vulnerabilities/7984 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0503
https://notcve.org/view.php?id=CVE-2002-0503
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. Vulnerabilidad de atravesamiento de directorios en boilerplate.asp para Citrix NFuse 1.5 permite a usuarios identificados remotamente leer ficheros mediante un .. (punto punto) en el parámetro NFuse_Template. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html http://www.iss.net/security_center/static/8654.php http://www.securityfocus.com/bid/4382 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2002-0504 – Citrix NFuse 1.51/1.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0504
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. Vulnerabilidad de secuencias de comandos de sitios cruzados (cross-site scripting) en Citrix NFuse 1.6 y anteriores no pone entre comillas a los resultados del método getLastError, lo que permite a atacantes remotos ejecutar comandos en otros clientes mediante el parámetro NFuse_Application para lanzar launch.jsp o launch.asp. • https://www.exploit-db.com/exploits/21355 http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html http://www.iss.net/security_center/static/8659.php http://www.securityfocus.com/bid/4372 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0301
https://notcve.org/view.php?id=CVE-2002-0301
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. Citrix NFuse 1.6 permite a atacantes remotos sortear la autenticación y obtener información sensible llamando directamente a launch.asp con parámetros NFUSE_USER y NFUSE_PASSWORD inválidos. • http://marc.info/?l=bugtraq&m=101424947801895&w=2 http://www.securityfocus.com/bid/4142 •