Citrix XenCenterWeb is prone to the following input-validation vulnerabilities:
– Multiple cross-site request-forgery vulnerabilities
– Multiple cross-site scripting vulnerabilities
– Multiple SQL-injection vulnerabilities
– A remote command-execution vulnerability
Exploiting these issues could allow an attacker to execute arbitrary code, perform unauthorized actions, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.