Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway
CVE-2016-4945

6.1MEDIUM

Key Information:

Vendor
Citrix
Status
Netscaler Gateway 11.0 Firmware
Vendor
CVE Published:
1 June 2016

Summary

A cross-site scripting vulnerability exists in the login form of Citrix NetScaler Gateway versions prior to Build 66.11. This flaw allows remote attackers to inject arbitrary web scripts or HTML via manipulation of the NSC_TMAC cookie. The vulnerability poses a significant risk as an attacker can exploit this security gap to hijack user sessions or perform other malicious actions on behalf of the unsuspecting user.

References

http://packetstormsecurity.com/files/137221/Citrix-Netsca...
x_refsource_MISC
http://www.securityfocus.com/archive/1/538515/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id/1036020
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.