Citrix Web Interface XSS Network Vulnerability

Summary

The remote server is running a Citrix Web Interface server that is vulnerable to cross site scripting. When a user fails to authenticate, the Citrix Web Interface includes the error message text in the URL. The error message can be tampered with to perform a XSS attack.

Solution

Upgrade to Citrix Web Interface 2.1 or newer.

References

Updated on 2015-03-25

Severity

Classification

CVE CVE-2003-1157

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Directory Traversal Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities