Citrix Products Login Page Cross-Site Scripting Vulnerability
Friday, 02 December 2005 by Michel Roth
A vulnerability has been reported in some Citrix products, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the user name field of the login page isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Read the advisory here.
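
The class of flaw described above, shown on a hypothetical login form as an added example (this is not code from the advisory or from any Citrix product). The form template, function names and the benign probe string are assumptions constructed for illustration; the check parses each rendered page and reports any element that is not part of the template.

```python
import html
from html.parser import HTMLParser

# Constructed, benign probe: markup that closes a quoted attribute and adds a tag.
PROBE = '"><b id="injected">x</b>'

# Hypothetical login page that echoes the submitted user name in two places:
# as element text in the error message and inside a quoted attribute value.
FORM = (
    '<form method="post" action="/login">\n'
    '  <p class="error">Login failed for user {text}</p>\n'
    '  <input type="text" name="user" value="{attr}">\n'
    '  <input type="password" name="password">\n'
    '</form>'
)
TEMPLATE_TAGS = ["form", "p", "input", "input"]


def render_login_unsafe(username):
    """The flaw: the submitted value is returned to the browser verbatim."""
    return FORM.format(text=username, attr=username)


def render_login_safe(username):
    """Encode on output. quote=True also encodes the double and single quote,
    which is what keeps the value inside the quoted value="..." attribute."""
    encoded = html.escape(username, quote=True)
    return FORM.format(text=encoded, attr=encoded)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page):
    """Return start tags in the page beyond those the template itself contains."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    remaining, extra = list(TEMPLATE_TAGS), []
    for tag in collector.tags:
        if tag in remaining:
            remaining.remove(tag)
        else:
            extra.append(tag)
    return extra
```

The same parse-and-compare check can be used as a regression test against a real login page template once output encoding has been added.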
