Cross-site Scripting Vulnerability in Citrix XenServer HTTP Interfaces
CVE-2008-3253

Currently unrated

Key Information:

Vendor: Citrix
Status: Xenserver
Vendor: CVE Published:; 22 July 2008

Summary

The Citrix XenServer HTTP interfaces are susceptible to a cross-site scripting (XSS) vulnerability, affecting versions 4.1.0 across various editions including Express, Standard, and Enterprise, as well as Dell and HP integrated Editions. This flaw allows remote attackers to inject arbitrary web scripts or HTML content through unspecified vector(s), potentially compromising the security of affected systems. It's crucial for users to implement the necessary patches to mitigate these risks and safeguard their virtual environments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43857

vdb-entryx_refsource_XF

http://support.citrix.com/article/CTX117814

x_refsource_CONFIRM

http://www.securitytracker.com/id?1020515

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 22, 2008
Vulnerability Reserved
Jul 22, 2008