CVE-2009-3757

{"id": "CVE-2009-3757", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-10-22T17:30:00.453", "references": [{"url": "http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1022520", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9106", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504764", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35592", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1814", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51575", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en en el XenServer Resource Kit de Citrix XenCenterWeb, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de (1) el par\u00e1metro username de config/edituser.php; (2) los par\u00e1metros location, (3) sessionid y (4) vmname de console.php; (5) los par\u00e1metros vmrefid y (6) vmname de forcerestart.php; y (7) los par\u00e1metros vmname (8) vmrefid de forcesd.php.\r\nNOTA: Algunos de estos detalles han sido obtenidos de fuentes externas."}], "lastModified": "2017-09-19T01:29:45.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xencenterweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA67DCE8-9246-467B-872C-FF9518EF94CA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}