Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
------------------------------
Han Sahin, August 2014
------------------------------
Abstract
------------------------------
A Cross-Site Scripting vulnerability was found in the xen_hotfix page of
the Citrix NITRO SDK. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.
------------------------------
Tested version
------------------------------
This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;
other versions may also be affected.
------------------------------
Fix
------------------------------
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.
------------------------------
Details
------------------------------
https://www.securify.nl/adviso