Cross-Site Scripting Vulnerabilities in Citrix NetScaler ADC and Gateway
CVE-2015-7997

Currently unrated

Key Information:

Vendor: Citrix
Status: Netscaler Service Delivery Appliance Service Vm
Vendor: CVE Published:; 17 November 2015

What is CVE-2015-7997?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Nitro API of Citrix NetScaler ADC and Gateway across specific versions, allowing attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from improper validation of user-supplied input in various unspecified vectors, leading to potential unauthorized actions performed on behalf of users. Organizations using affected versions should take immediate action to patch their systems to mitigate risks associated with these vulnerabilities.

References

http://www.securitytracker.com/id/1034167

vdb-entryx_refsource_SECTRACK

http://support.citrix.com/article/CTX202482

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2015
Vulnerability Reserved
Oct 28, 2015