Unrated severityNVD Advisory· Published Dec 3, 2005· Updated Jun 16, 2026
CVE-2005-3971
CVE-2005-3971
Description
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
Affected products
6cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:*:*:*:*:*:*:*
- (no CPE)range: >=2.0, <=2.2
- cpe:2.3:a:citrix:nfuse:1.0:*:elite:*:*:*:*:*
- Range: =1.0
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/17819nvdPatchVendor Advisory
- support.citrix.com/article/CTX108208nvdPatchVendor Advisory
- www.securityfocus.com/bid/15664nvdPatch
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- www.vupen.com/english/advisories/2005/2676nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/23396nvd
News mentions
0No linked articles in our index yet.