Lucene search

MitreCVE-2009-3757

HistoryOct 22, 2009 - 5:30 p.m.

CVE-2009-3757

2009-10-2217:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-3757

xss

citrix

xencenterweb

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

citrixxencenterweb

VendorProductVersionCPE
citrixxencenterweb*cpe:2.3:a:citrix:xencenterweb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	xencenterweb	*	cpe:2.3:a:citrix:xencenterweb::::::::

References

securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

securitytracker.com/id?1022520

www.exploit-db.com/exploits/9106

www.securityfocus.com/archive/1/504764

www.securityfocus.com/bid/35592

www.vupen.com/english/advisories/2009/1814

exchange.xforce.ibmcloud.com/vulnerabilities/51575

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.2%

JSON

Related for CVE-2009-3757