Cross-Site Scripting Vulnerability in Citrix NetScaler Application Delivery Controller
CVE-2015-6672

Currently unrated

Key Information:

Vendor: Citrix
Status: Netscaler Gateway Firmware; Netscaler Application Delivery Controller Firmware
Vendor: CVE Published:; 17 September 2015

What is CVE-2015-6672?

A Cross-Site Scripting (XSS) vulnerability exists in the Administrative Web Interface of Citrix NetScaler Application Delivery Controller and NetScaler Gateway. This flaw allows remote attackers to inject harmful web scripts or HTML, which can compromise the integrity or confidentiality of sensitive information. Attackers can exploit this vulnerability via unvalidated input, leading to unauthorized actions and potential breaches of user security.

References

http://www.securitytracker.com/id/1033618

vdb-entryx_refsource_SECTRACK

http://support.citrix.com/article/CTX201334

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2015
Vulnerability Reserved
Aug 25, 2015