News
Vigil@nce: Citrix Web Interface, Cross Site Scripting
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a Cross Site Scripting in Citrix Web Interface.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 29/04/2009
IMPACTED PRODUCTS
Citrix XenApp
Citrix XenDesktop
DESCRIPTION OF THE VULNERABILITY
The Citrix Web Interface (CWI) product can be installed to work with XenApp and XenDesktop.
An attacker can generate a Cross Site Scripting in Citrix Web Interface.
Technical details are unknown.
CHARACTERISTICS
Identifiers: BID-34761, CTX120697, VIGILANCE-VUL-8682
http://vigilance.fr/vulnerability/Citrix-Web-Interface-Cross-Site-Scripting-8682
