Cross-Site Scripting Vulnerabilities in Citrix NetScaler ADC and Gateway

CVE-2015-7997

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the Nitro API of Citrix NetScaler ADC and Gateway across specific versions, allowing attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from improper validation of user-supplied input in various unspecified vectors, leading to potential unauthorized actions performed on behalf of users. Organizations using affected versions should take immediate action to patch their systems to mitigate risks associated with these vulnerabilities.

References