Описание
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.6 (включая)
Одно из
cpe:2.3:a:citrix:nfuse:*:*:*:*:*:*:*:*
cpe:2.3:a:citrix:nfuse:1.51:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06163
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
EPSS
Процентиль: 91%
0.06163
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other