Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Citrix XenCenterWeb多个跨站脚本攻击漏洞
Vulnerability Description
Citrix XenCenterWeb是用于管理Citrix XenServer环境的web界面。 XenCenterWeb的多个模块没有正确的验证用户所提供的输入,远程攻击者可以通过向服务器提交恶意请求执行跨站脚本。 在默认的PHP配置中(register_globals=Off且magic_quotes_gpc=On),可以通过向edituser.php脚本提交恶意的username参数执行跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A