Multiple vulnerabilities were reported in Citrix XenServer Web Self Service.
Version(s): 5.5, 5.6 SP2, 6.0; Web Self Service prior to 1.1.1
A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service.
Customers who have installed XenServer but have not additionally downloaded and installed the optional Web Self Service component are not affected by these vulnerabilities. These vulnerabilities affect all currently supported versions of Web Self Service prior to version 1.1.1.
The vendor has issued a fix (Web Self Service 1.1.1). The new version of the Web Self Service virtual appliance can be obtained from the following location: Citrix.com