Cross-Site Scripting Vulnerability in Citrix NFuse by Citrix
CVE-2002-0504

Currently unrated

Key Information:

Vendor
Citrix
Status
Vendor
CVE Published:
12 August 2002

Summary

The Cross-Site Scripting vulnerability in Citrix NFuse versions 1.6 and earlier allows remote attackers to inject and execute malicious scripts in the context of users' browsers. By manipulating the NFuse_Application parameter during requests to launch.jsp or launch.asp, attackers can exploit the lack of proper input sanitization in the getLastError method. This can potentially lead to session hijacking or data theft, underscoring the importance of securing web applications against such vulnerabilities.

References

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.