CVE-2005-3971

Опубликовано: 03 дек. 2005

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

Ссылки

http://secunia.com/advisories/17819
Patch
Vendor Advisory
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15664
Patch
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396
http://secunia.com/advisories/17819
Patch
Vendor Advisory
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15664
Patch
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:*:*:*:*:*:*:*

cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:*:*:*:*:*:*:*

cpe:2.3:a:citrix:nfuse:1.0:*:elite:*:*:*:*:*

EPSS

Процентиль: 72%

0.00734

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x7r8-25j2-2f3f

github

почти 4 года назад