6 matches found
CVE-2005-3971
CVE-2005-3971 affects Citrix MetaFrame Secure Access Manager 2.0–2.2 and NFuse Elite 1.0. It is a cross-site scripting (XSS) vulnerability in the login form that allows remote attackers to inject arbitrary web script or HTML via the username field. The connected sources document this vulnerabilit...
CVE-2001-0760
Citrix Nfuse 1.51 is affected: a malformed request to launch.asp that omits the session field can disclose the absolute path of the web root to remote attackers, enabling partial disclosure of server information. No remediation or exploitation details are provided in the connected documents.
CVE-2002-0502
CVE-2002-0502 affects Citrix NFuse 1.6. Affected component: applist.asp handling within NFuse, enabling remote attackers to list available applications without authentication. Root cause is improper access control on the applist.asp endpoint, leading to potential information disclosure. CVSS metr...
CVE-2002-0504
CVE-2002-0504 describes a remote cross-site scripting flaw in Citrix NFuse 1.6 and earlier where results from getLastError are not quoted, allowing an attacker to inject script via the NFuse_Application parameter to launch.jsp or launch.asp. The CVSS v2 base metrics are provided (AV:N/AC:L/Au:N/C...
CVE-2002-0301
Citrix NFuse 1.6 is affected: authentication can be bypassed by directly calling launch.asp using invalid NFUSE_USER and NFUSE_PASSWORD parameters, enabling access to sensitive information (partial confidentiality). Root cause: flawed authentication check visible in launch.asp handling of those p...
CVE-2002-0503
CVE-2002-0503 corresponds to a directory traversal vulnerability in Citrix NFuse 1.5 , affecting the internal file ** boilerplate.asp**. The issue allows remote authenticated users to read arbitrary files via a double-dot sequence in the NFuse_Template parameter. The publicly available details (N...