PT-2009-6003 · Citrix · Citrix XenCenterWeb

Alberto Trivero +1

Published 2009-10-22 · Updated 2024-02-08

CVE-2009-3759

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb (affected versions not specified)

Description: The sample code in the XenServer Resource Kit shipped with Citrix XenCenterWeb contains multiple cross-site request forgery (CSRF) vulnerabilities. They allow a remote attacker to hijack the authentication of an administrator for requests that change the password via the username parameter to "config/changepw.php", or that stop a virtual machine via the stop_vmname parameter to "hardstopvm.php".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: CSRF

Weakness Enumeration

Related Identifiers: CVE-2009-3759

Affected Products: Citrix XenCenterWeb