Title: Reflected cross-site scripting vulnerability in DIGIPASS authentication for Citrix Web Interface
CVE ID: CVE-2015-7349
CVSSv3 Base Score: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Vendor: Vasco (https://www.vasco.com)
Products: DIGIPASS authentication for Citrix Web Interface
Advisory Release Date: 6 October 2015
Advisory URL: https://labs.integrity.pt/advisories/cve-2015-7349
Credits: Discovery by Filipe Bernardo <fb[at]integrity.pt>
Vasco DIGIPASS authentication for Citrix Web Interface is vulnerable to cross-site scripting (XSS) on the login page.
The DIGIPASS plug-in is installed on the IIS server. When a user attempts to log in and an error occurs, the plug-in handles the request and shows an error message giving the reason. The failmessage parameter that carries this message is vulnerable to reflected XSS.
When a login error occurs, the failmessage parameter carries the error message returned by the DIGIPASS plug-in with the information regarding the error.
The standard URL of the vulnerable Authentication page is the following:
The vulnerable parameter is failmessage.
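Added illustration, not VASCO's code (the advisory does not reproduce the plug-in source): a Python model of the reflection described above, showing the vulnerable rendering beside two fixes (HTML entity encoding and an allow-list of server-side messages) and a check over constructed IIS-style log lines; the login page path, error codes and message texts are placeholders.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request. The advisory does not reproduce the login page path,
# so "/PLACEHOLDER/login" stands in for it.
TAINTED_URL = "/PLACEHOLDER/login?failmessage=Invalid%20%3Cscript%3Ex%3C%2Fscript%3E"


def failmessage_from_url(url: str) -> str:
    """Extract the decoded failmessage query parameter (empty if absent)."""
    return parse_qs(urlsplit(url).query).get("failmessage", [""])[0]


def render_vulnerable(failmessage: str) -> str:
    """Reflects the parameter into the HTML body unchanged: the defect described above."""
    return f'<div class="error">{failmessage}</div>'


def render_fixed(failmessage: str) -> str:
    """Same template with HTML entity encoding, so user-controlled markup is shown as text."""
    return f'<div class="error">{html.escape(failmessage, quote=True)}</div>'


# Preferred fix: never reflect free text at all; map a short error code to a
# server-side message. The codes and texts here are constructed, not VASCO's.
ERROR_TEXTS = {
    "bad_otp": "The one-time password was not accepted.",
    "locked": "This account is temporarily locked.",
}


def render_allowlisted(code: str) -> str:
    """Look up a fixed message; unknown codes get a generic text rather than echoing input."""
    return f'<div class="error">{ERROR_TEXTS.get(code, "Login failed.")}</div>'


# Detection: flag IIS W3C log entries whose failmessage value carries markup
# characters (raw or percent-encoded), a useful hunting check while unpatched.
_MARKUP = re.compile(r"[<>\"']|%3c|%3e|%22|%27", re.IGNORECASE)


def suspicious_log_lines(lines):
    """Return the log lines whose failmessage query value contains markup characters."""
    hits = []
    for line in lines:
        m = re.search(r"failmessage=([^\s&]*)", line)
        if m and _MARKUP.search(m.group(1)):
            hits.append(line)
    return hits


SAMPLE_LOG = [  # constructed IIS-style lines: date time cs-uri-stem cs-uri-query sc-status
    "2015-10-06 10:00:01 /PLACEHOLDER/login failmessage=Invalid%20DIGIPASS%20response 200",
    "2015-10-06 10:00:07 /PLACEHOLDER/login failmessage=%3Cscript%3Ex%3C/script%3E 200",
]
```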