Vulnerabilities > Citrix > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-07-14 CVE-2009-2454 Cross-Site Scripting vulnerability in Citrix Web Interface 4.6/5.0/5.0.1
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2009-06-25 CVE-2009-2214 Resource Management Errors vulnerability in Citrix Secure Gateway 3.0
The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.
network
low complexity
citrix CWE-399
5.0
2009-06-25 CVE-2009-2213 Incorrect Authorization vulnerability in Citrix products
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
network
low complexity
citrix CWE-863
6.5
2009-06-08 CVE-2008-6830 Unspecified vulnerability in Citrix Web Interface 5.0/5.0.1
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session.
network
high complexity
citrix
4.0
2008-10-22 CVE-2008-4676 Permissions, Privileges, and Access Controls vulnerability in Citrix Access Essentials, Presentation Server and XenApp
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file.
local
low complexity
citrix CWE-264
6.8
2008-07-22 CVE-2008-3253 Cross-Site Scripting vulnerability in Citrix XenServer 4.1.0
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2008-05-18 CVE-2008-2300 Permissions, Privileges, and Access Controls vulnerability in Citrix products
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
network
low complexity
citrix CWE-264
6.5
2008-05-18 CVE-2008-2299 Cryptographic Issues vulnerability in Citrix products
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions.
network
low complexity
microsoft citrix CWE-310
5.0
2007-12-20 CVE-2007-6477 Cross-Site Scripting vulnerability in Citrix Web Interface 2.0
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2007-11-30 CVE-2007-6193 Information Exposure vulnerability in Citrix NetScaler 8.0
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
network
low complexity
citrix CWE-200
5.0