Citrix XenServer Web Self Service
Version: 1.1 and earlier
Severity level: Medium
Impact: Cross-site scripting
Access Vector: Remote
Base Score: 4.9
CVE: not assigned
The specialists of the Positive Research center have detected "Cross-site scripting" vulnerability in Citrix XenServer Web Self Service.
Since special characters in usernames are not properly escaped a stored XSS attack is possible.
Update your software up to the latest version
10.11.2011 - Vendor is notified
10.11.2011 - Vendor gets vulnerability details
10.03.2012 - Vendor releases fixed version and details
28.09.2012 - Public disclosure
The vulnerability has discovered by Kirill Mosolov, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: