Cross site scripting

Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...

CVE-2008-3253

Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...

Citrix XenServer XenAPI HTTP接口跨站脚本漏洞

BUGTRAQ ID: 30265 Citrix XenServer产品线是一种企业级平台，通过灵活的聚合计算和存储资源对数据中心的服务器虚拟化进行管理。 XenServer的XenAPI HTTP接口存在跨站脚本漏洞，如果向XenServer发送了特制的URL的话，响应中会包含有未经正确转义的请求URL，导致在用户浏览器中执行客户端脚本。 Citrix XenServer 4.1 Citrix ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.citrix.com...