2 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://secunia.com/advisories/17819 http://securitytracker.com/id?1015304 http://securitytracker.com/id?1015305 http://support.citrix.com/article/CTX108208 http://www.securityfocus.com/bid/15664 http://www.vupen.com/english/advisories/2005/2676 https://exchange.xforce.ibmcloud.com/vulnerabilities/23396 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. Vulnerabilidad de secuencias de comandos de sitios cruzados (cross-site scripting) en Citrix NFuse 1.6 y anteriores no pone entre comillas a los resultados del método getLastError, lo que permite a atacantes remotos ejecutar comandos en otros clientes mediante el parámetro NFuse_Application para lanzar launch.jsp o launch.asp. • https://www.exploit-db.com/exploits/21355 http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html http://www.iss.net/security_center/static/8659.php http://www.securityfocus.com/bid/4372 •