Cross-Site Scripting Vulnerabilities in Citrix NetScaler ADC and Gateway
CVE-2015-7997
Currently unrated
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 17 November 2015
Summary
Multiple cross-site scripting (XSS) vulnerabilities exist in the Nitro API of Citrix NetScaler ADC and Gateway across specific versions, allowing attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from improper validation of user-supplied input in various unspecified vectors, leading to potential unauthorized actions performed on behalf of users. Organizations using affected versions should take immediate action to patch their systems to mitigate risks associated with these vulnerabilities.
References
Timeline
Vulnerability published
Vulnerability Reserved