CVE-2003-1157
published 2003-12-31
Priority P419 · medium · CVSS 2.0 score 4.3
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.89% (88.9th percentile)
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | metaframe | — | — |
GHSA
GHSA-8wwh-pv6m-r78g: Cross-site scripting (XSS) vulnerability in login
ghsa_unreviewed·2022-04-29
Citrix
CVE-2003-1157: Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML
vendor_citrix·2003-12-31·CVSS 4.3
No detection rules found.
Exploit-DB
Citrix Metaframe XP - Cross-Site Scripting
exploitdb·2003-10-31
---
source: https://www.securityfocus.com/bid/8939/info
Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could potentially result in the theft of cookie-based authentication credentials, or other attacks.
https://www.example.com/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_MessageType=Error&NFuse_Message=alert("Vulnerable to XSS")
Exploit-DB
Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention
exploitdb·2000-04-28
CVE-2003-0336 Qualcomm Eudora 4.2/4.3 - Warning Message Circumvention
---
source: https://www.securityfocus.com/bid/1157/info
A malicious email sender can circumvent the warning messages that would normally display when a user attempts to view executable attachments in Eudora 4.2/4.3. Eudora does not prompt the user with the warning message when they attempt to open a file that is not .exe, .com, or .bat.
Inserting the tag
http ://www.example.com
in an email message will display as:
http ://www.example.com
in a Eudora email client.
Therefore, when a user clicks on this link, it will automatically open up the executable file without warning.
No writeups or analysis indexed.
http://secunia.com/advisories/10127
http://www.osvdb.org/2762
http://www.securityfocus.com/archive/1/343040
http://www.securityfocus.com/bid/27948
http://www.securityfocus.com/bid/8939
https://exchange.xforce.ibmcloud.com/vulnerabilities/13569
https://exchange.xforce.ibmcloud.com/vulnerabilities/40782
Published: 2003-12-31