ID: OSVDB:2762
Type: osvdb
Reporter: OSVDB
Modified: 2003-11-03T10:38:47
Description
Vulnerability Description
Citrix MetaFrame XP version 1.0 contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the "NFuse_Message" variable parameters when generating error messages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Technical Description
Citrix MetaFrame is a remote desktop application that works with Windows Terminal Services to provide application server capabilities.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, Citrix Systems has released a patch to address this vulnerability.
Title
Citrix MetaFrame XP Error Page XSS
Affected Software
Citrix MetaFrame, version XP
References
Vendor URL: http://www.mycitrix.com/
Secunia Advisory ID: 10127 (https://secuniaresearch.flexerasoftware.com/advisories/10127/)
ISS X-Force ID: 13569
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-10/0341.html
Bugtraq ID: 8939
Record Details
Bulletin family: software
Published: 2003-11-03T10:38:47
Last seen: 2017-04-28T13:19:57
CVSS: vector NONE, score 0.0
CVE list: none
Source: https://vulners.com/osvdb/OSVDB:2762