CVE-2005-3971
Citrix MetaFrame Secure Access Manager 2.0-2.2 and NFuse Elite 1.0 - Cross-Site Scripting via Login Username Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015305
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015304
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15664
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2676
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX108208
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17819
Scores
EPSS
0.0073
EPSS Percentile
73.0%
Details
Status
published
Products (4)
citrix/metaframe_secure_access_manager
2.0
citrix/metaframe_secure_access_manager
2.1
citrix/metaframe_secure_access_manager
2.2
citrix/nfuse
1.0
Published
Dec 03, 2005
Tracked Since
Feb 18, 2026