Cross-Site Scripting Vulnerability in Citrix XenMobile Server
CVE-2018-10649

6.1MEDIUM

Key Information:

Vendor
Citrix
Vendor
CVE Published:
23 May 2018

Summary

The vulnerability found in Citrix XenMobile Server 10.7 prior to RP3 allows attackers to execute arbitrary scripts in the context of a user session, potentially leading to unauthorized actions and sensitive data exposure. Proper input validation measures should be implemented to mitigate the risk of exploitation.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.