Cross-Site Scripting Vulnerability in Citrix SD-WAN Center
CVE-2019-11345

6.1MEDIUM

Key Information:

Vendor

Citrix
Status
Netscaler Sd-wan Center
Citrix Sd-wan Center
Vendor
CVE Published:
10 March 2020

What is CVE-2019-11345?

The Citrix SD-WAN Center and NetScaler SD-WAN Center are susceptible to a Cross-Site Scripting (XSS) vulnerability in versions prior to 10.2.1 and 10.0.7 respectively. This allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user sessions or redirecting users to malicious sites. Organizations should promptly upgrade to the respective patched versions to mitigate associated risks.

References

https://support.citrix.com/article/CTX247737
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.