Cross-Site Scripting Vulnerability in Citrix Web Interface and NFuse
CVE-2007-6477

Currently unrated

Key Information:

Vendor: Citrix
Status: Web Interface
Vendor: CVE Published:; 20 December 2007

Summary

A cross-site scripting (XSS) vulnerability exists in the online help feature of Citrix Web Interface and NFuse, allowing remote attackers to execute arbitrary web scripts or HTML. This vulnerability arises due to improper handling of user input and can be exploited through various unspecified vectors. Successful exploitation may lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive data and user accounts. Organizations using the affected versions are advised to take immediate steps to apply available security patches and implement security best practices to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id?1019132

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2007/4254

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/39123

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 20, 2007