6 lines
No EOL
554 B
Text
6 lines
No EOL
554 B
Text
source: http://www.securityfocus.com/bid/8939/info
|
|
|
|
Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could potentially result in the theft of cookie-based authentication credentials, or other attacks.
|
|
|
|
https://www.example.com/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_
|
|
MessageType=Error&NFuse_Message=<SCRIPT>alert("Vulnerable to XSS")</SCRIPT> |