Citrix XenCenterWeb Multiple Input Validation Vulnerabilities

Citrix XenCenterWeb is prone to the following input-validation vulnerabilities:

- Multiple cross-site request-forgery vulnerabilities
- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- A remote command-execution vulnerability

Exploiting these issues could allow an attacker to execute arbitrary code, perform unauthorized actions, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


Privacy Statement
Copyright 2010, SecurityFocus