BugTraq
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting Mar 19 2015 04:13PM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
------------------------------------------------------------------------

Han Sahin, August 2014

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

A Cross-Site Scripting vulnerability was found in the xen_hotfix page of
the Citrix NITRO SDK. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.

------------------------------------------------------------------------

Tested version
------------------------------------------------------------------------

This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;,
other versions may also be affected.

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix
_page_is_vulnerable_to_cross_site_scripting.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus