CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-3757

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile5.17th
Published2009年10月22日
Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Citrix

Xencenterweb

All versions

References & Advisories

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
🔗 http://securitytracker.com/id?1022520
🔗 http://www.exploit-db.com/exploits/9106
🔗 http://www.securityfocus.com/archive/1/504764
🔗 http://www.securityfocus.com/bid/35592
🔗 http://www.vupen.com/english/advisories/2009/1814
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/51575
🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

相关漏洞威胁

CVE-2009-37598.8

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb all...

CVE-2009-37587.5

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attacke...

CVE-2009-37607.5

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenter...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...