Cross-site scripting vulnerability in Citrix NFuse 1.6 and previous versions does not quote results from the getLastError method, which allows remote malicious users to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citrix nfuse |
||
citrix nfuse 1.51 |