Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026

CVE-2002-0504

Description

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.

Affected products

Citrix Systems/Nfuse2 versions
cpe:2.3:a:citrix:nfuse:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:citrix:nfuse:*:*:*:*:*:*:*:*range: <=1.6
- cpe:2.3:a:citrix:nfuse:1.51:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2002-03/0334.htmlnvdExploit
www.iss.net/security_center/static/8659.phpnvdExploit
www.securityfocus.com/bid/4372nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000