Cross-Site Scripting Vulnerabilities in Citrix NetScaler ADC and Gateway
CVE-2015-7997

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
17 November 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the Nitro API of Citrix NetScaler ADC and Gateway across specific versions, allowing attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from improper validation of user-supplied input in various unspecified vectors, leading to potential unauthorized actions performed on behalf of users. Organizations using affected versions should take immediate action to patch their systems to mitigate risks associated with these vulnerabilities.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.