CVE-2009-3759

8.8 HIGH
Published: October 22, 2009 Modified: April 23, 2026
View on NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
Source: cve@mitre.org
Broken Link
http://securitytracker.com/id?1022520
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/9106
Source: cve@mitre.org
Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/504764
Source: cve@mitre.org
Broken Link Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35592
Source: cve@mitre.org
Broken Link Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/1814
Source: cve@mitre.org
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51576
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://securitytracker.com/id?1022520
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/9106
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/504764
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/35592
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/1814
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51576
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

citrix

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A