Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway
CVE-2014-1899

Currently unrated

Key Information:

Vendor: Citrix
Status: Netscaler Access Gateway Firmware; Netscaler Access Gateway
Vendor: CVE Published:; 2 May 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Citrix NetScaler Gateway that allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors. This flaw affects versions of NetScaler Gateway 9.x prior to 9.3.66.5 and 10.x prior to 10.1.123.9, potentially enabling attackers to execute malicious scripts in the context of the user's session, thus compromising sensitive user data and functionalities.

References

http://www.securitytracker.com/id/1030186

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/67177

vdb-entryx_refsource_BID

https://support.citrix.com/article/CTX140291

x_refsource_CONFIRM

Timeline

Vulnerability published
May 2, 2014
Vulnerability Reserved
Feb 7, 2014