CVE-2009-3757

Currently unrated

Key Information:

Vendor: Citrix
Status: Xencenterweb
Vendor: CVE Published:; 22 October 2009

Summary

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.

References

http://www.securityfocus.com/archive/1/504764

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/1814

vdb-entryx_refsource_VUPEN

http://securenetwork.it/ricerca/advisory/download/SN-2009...

x_refsource_MISC

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 22, 2009
Vulnerability Reserved
Oct 22, 2009

Collectors

NVD DatabaseMitre Database