Cross-Site Scripting Vulnerability in Citrix XenMobile Server
CVE-2018-10649

6.1MEDIUM

Key Information:

Vendor: Citrix
Status: Xenmobile Server
Vendor: CVE Published:; 23 May 2018

What is CVE-2018-10649?

The vulnerability found in Citrix XenMobile Server 10.7 prior to RP3 allows attackers to execute arbitrary scripts in the context of a user session, potentially leading to unauthorized actions and sensitive data exposure. Proper input validation measures should be implemented to mitigate the risk of exploitation.

References

https://support.citrix.com/article/CTX234879

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2018
Vulnerability Reserved
May 2, 2018