Cross Site Scripting Vulnerability in Citrix Session Recording
CVE-2023-6184

7.2 HIGH

Key Information:

Vendor
CVE Published: 18 January 2024

Badges

EPSS 24%, News Worthy

What is CVE-2023-6184?

A Cross Site Scripting (XSS) vulnerability exists in Citrix Session Recording, which could allow an attacker to inject malicious scripts into the web application. This flaw may lead to unauthorized access to sensitive user data and compromise the integrity of the application. It is essential for organizations utilizing this product to implement appropriate security measures to reduce the risk associated with this vulnerability and protect their users.

Affected Version(s)

Citrix Session Recording 2311 Current Release < 0

Citrix Session Recording 1912 LTSR

Citrix Session Recording 2203 LTSR

News Articles

Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184

While most of the attention for vulnerabilities within Citrix has been on their NetScaler VPN product, we noticed that there were several other products offered by Citrix that require an on-premise deployment of a web application, that is sometimes internet facing. This piqued our interest and led u...

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Assetnote

  • Vulnerability published

  • Vulnerability Reserved
