Cross-Site Scripting Vulnerability in Citrix XenMobile Server
CVE-2016-2789

6.1MEDIUM

Key Information:

Vendor: Citrix
Status: Xenmobile Server
Vendor: CVE Published:; 7 April 2016

Summary

The Citrix XenMobile Server has a vulnerability in its Web User Interface that enables remote attackers to inject arbitrary web scripts or HTML code through unspecified means. This flaw is present in versions 10.0 and 10.1 prior to Rolling Patch 4, and 10.3 before Rolling Patch 1, creating potential security risks for users. Administrators are advised to apply the necessary patches to mitigate this issue.

References

http://www.securitytracker.com/id/1035265

vdb-entryx_refsource_SECTRACK

http://support.citrix.com/article/CTX207499

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 7, 2016
Vulnerability Reserved
Mar 1, 2016