CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3759

HIGH
8.8
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile43.95th
PublishedOct 22, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Citrix

Xencenterweb

All versions

References & Advisories

πŸ”— http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
πŸ”— http://securitytracker.com/id?1022520
πŸ”— http://www.exploit-db.com/exploits/9106
πŸ”— http://www.securityfocus.com/archive/1/504764
πŸ”— http://www.securityfocus.com/bid/35592
πŸ”— http://www.vupen.com/english/advisories/2009/1814
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/51576
πŸ”— http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

Related Vulnerabilities

CVE-2009-37587.5

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attacke...

CVE-2009-37607.5

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenter...

CVE-2009-37574.3

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remo...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...