- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23316
- Проверка EDB
-
- Пройдено
- Автор
- ANDY DAVIS
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2003-1157
- Дата публикации
- 2003-10-31
Код:
source: https://www.securityfocus.com/bid/8939/info
Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could potentially result in the theft of cookie-based authentication credentials, or other attacks.
https://www.example.com/citrix/metaframexp/default/login.asp?NFuse_LogoutId=On&NFuse_
MessageType=Error&NFuse_Message=<SCRIPT>alert("Vulnerable to XSS")</SCRIPT>- Источник
- www.exploit-db.com
