CVE-2005-3971

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/17819	Patch Vendor Advisory
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208	Patch Vendor Advisory
http://www.securityfocus.com/bid/15664	Patch
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:::::::*
	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:::::::*
	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:::::::*
	cpe:2.3:a:citrix:nfuse:1.0::elite:::::

History

No history.

Information

Published : 2005-12-03 19:03

Updated : 2017-07-20 01:29

NVD link : CVE-2005-3971

Mitre link : CVE-2005-3971

CVE.ORG link : CVE-2005-3971

JSON object : View

Products Affected

citrix

metaframe_secure_access_manager
nfuse

CWE

NVD-CWE-Other

{"id": "CVE-2005-3971", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-03T19:03:00.000", "references": [{"url": "http://secunia.com/advisories/17819", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015304", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015305", "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX108208", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15664", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2676", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23396", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field."}], "lastModified": "2017-07-20T01:29:07.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02CEEF28-CB2C-47A4-A0F1-B6AB9C8A132B"}, {"criteria": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5123FE8-FA68-4844-8F70-ED1F5C1086E0"}, {"criteria": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6523EC-2F19-4C9C-9139-483DDCC1667E"}, {"criteria": "cpe:2.3:a:citrix:nfuse:1.0:*:elite:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E22341-F1AD-4551-8EA6-7106FA590A21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}