Summary
The remote server is running a Citrix Web Interface server that is vulnerable to cross site scripting. When a user fails to authenticate, the Citrix Web Interface includes the error message text in the URL. The error message can be tampered with to perform a XSS attack.
Solution
Upgrade to Citrix Web Interface 2.1 or newer.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2003-1157 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Tomcat Multiple Vulnerabilities June-09