Cross-Site Scripting Vulnerability in Citrix NFuse by Citrix
CVE-2002-0504
Currently unrated
Summary
The Cross-Site Scripting vulnerability in Citrix NFuse versions 1.6 and earlier allows remote attackers to inject and execute malicious scripts in the context of users' browsers. By manipulating the NFuse_Application parameter during requests to launch.jsp or launch.asp, attackers can exploit the lack of proper input sanitization in the getLastError method. This can potentially lead to session hijacking or data theft, underscoring the importance of securing web applications against such vulnerabilities.
References
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved