CVE-2005-3971 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

Affected Software

Name	Vendor	Start Version	End Version
Metaframe_secure_access_manager	Citrix	2.0 (including)	2.0 (including)
Metaframe_secure_access_manager	Citrix	2.1 (including)	2.1 (including)
Metaframe_secure_access_manager	Citrix	2.2 (including)	2.2 (including)
Nfuse	Citrix	1.0 (including)	1.0 (including)

References

http://secunia.com/advisories/17819
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208
http://www.securityfocus.com/bid/15664
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396
http://secunia.com/advisories/17819
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://support.citrix.com/article/CTX108208
http://www.securityfocus.com/bid/15664
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3971
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html