3 matches found
CVE-2002-0504
CVE-2002-0504 describes a remote cross-site scripting flaw in Citrix NFuse 1.6 and earlier where results from getLastError are not quoted, allowing an attacker to inject script via the NFuse_Application parameter to launch.jsp or launch.asp. The CVSS v2 base metrics are provided (AV:N/AC:L/Au:N/C...
CVE-2002-0502
CVE-2002-0502 affects Citrix NFuse 1.6. Affected component: applist.asp handling within NFuse, enabling remote attackers to list available applications without authentication. Root cause is improper access control on the applist.asp endpoint, leading to potential information disclosure. CVSS metr...
CVE-2002-0301
Citrix NFuse 1.6 is affected: authentication can be bypassed by directly calling launch.asp using invalid NFUSE_USER and NFUSE_PASSWORD parameters, enabling access to sensitive information (partial confidentiality). Root cause: flawed authentication check visible in launch.asp handling of those p...