Cross-Site Scripting Vulnerability in Citrix NFuse by Citrix
CVE-2002-0504

Currently unrated

Key Information:

Vendor: Citrix
Status: Nfuse
Vendor: CVE Published:; 12 August 2002

Summary

The Cross-Site Scripting vulnerability in Citrix NFuse versions 1.6 and earlier allows remote attackers to inject and execute malicious scripts in the context of users' browsers. By manipulating the NFuse_Application parameter during requests to launch.jsp or launch.asp, attackers can exploit the lack of proper input sanitization in the getLastError method. This can potentially lead to session hijacking or data theft, underscoring the importance of securing web applications against such vulnerabilities.

References

http://www.iss.net/security_center/static/8659.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-03/03...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4372

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2002
Vulnerability Reserved
Jun 7, 2002