CVE-2008-3253

Name of the Vulnerable Software and Affected Versions: Citrix XenServer Express version 4.1.0 Citrix XenServer Standard Edition version 4.1.0 Citrix XenServer Enterprise Edition version 4.1.0 Citrix XenServer Dell Edition (Express) version 4.1.0 Citrix XenServer Dell Edition (Enterprise) version 4.1.0 HP integrated Citrix XenServer (Select) version 4.1.0 HP integrated Citrix XenServer (Enterprise) version 4.1.0

Description: The issue is related to a cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Recommendations: For Citrix XenServer Express version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For Citrix XenServer Standard Edition version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For Citrix XenServer Enterprise Edition version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For Citrix XenServer Dell Edition (Express) version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For Citrix XenServer Dell Edition (Enterprise) version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For HP integrated Citrix XenServer (Select) version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available. For HP integrated Citrix XenServer (Enterprise) version 4.1.0, consider restricting access to the XenAPI HTTP interfaces until a fix is available.