CVE-2005-3971 — Cross-site Scripting in Citrix Metaframe Secure Access Manager

4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Metaframe Secure Access Manager Citrix Nfuse Citrix ADM +6 more

Timeline

PublishedDec 3

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages9 packages

▶NVDcitrix/metaframe_secure_access_manager2.0, 2.1, 2.2+2

▶NVDcitrix/nfuse1.0

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

Patches

Patch: secunia.com ↗Patch: support.citrix.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x7r8-25j2-2f3f: Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2005-3971: Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote↗2005-12-03

▶

Citrix

Citrix Security Bulletin CTX108208↗

▶