Cross-site Scripting Vulnerability in Citrix NetScaler ADC and Gateway
CVE-2014-4346

Currently unrated

Key Information:

Vendor: Citrix
Status: Netscaler Application Delivery Controller Firmware; Netscaler Application Delivery Controller
Vendor: CVE Published:; 16 July 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the administration user interface of the Citrix NetScaler Application Delivery Controller and NetScaler Gateway, allowing remote attackers to inject arbitrary web scripts or HTML. This could result in unauthorized actions being performed within a user’s session or manipulation of the web content displayed to administrators, leading to potential data breach or unauthorized access to sensitive information.

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

http://www.securitytracker.com/id/1030573

vdb-entryx_refsource_SECTRACK

http://support.citrix.com/article/CTX140863

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 16, 2014
Vulnerability Reserved
Jun 20, 2014