2 results (0.003 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. Vulnerabilidad de secuencias de comandos de sitios cruzados (cross-site scripting) en Citrix NFuse 1.6 y anteriores no pone entre comillas a los resultados del método getLastError, lo que permite a atacantes remotos ejecutar comandos en otros clientes mediante el parámetro NFuse_Application para lanzar launch.jsp o launch.asp. • https://www.exploit-db.com/exploits/21355 http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html http://www.iss.net/security_center/static/8659.php http://www.securityfocus.com/bid/4372 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. Citrix Nfuse 1.51 permite a atacantes remotos obtener la ruta absoluta de la raíz del web mediante una petición malformada que no provee el campo de sesión. • https://www.exploit-db.com/exploits/20987 http://www.securityfocus.com/archive/1/194449 http://www.securityfocus.com/archive/1/194522 http://www.securityfocus.com/bid/2956 https://exchange.xforce.ibmcloud.com/vulnerabilities/6786 •