Vulnerability CVE-2005-3971
Published: 2005-12-03   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Citrix -> Metaframe secure access manager 
Citrix -> Nfuse 

 References:
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208
http://www.securityfocus.com/bid/15664
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396
Copyright 2024, cxsecurity.com

 

Back to Top