Cross Site Scripting Vulnerability in Citrix Session Recording
CVE-2023-6184

5MEDIUM

Key Information:

Vendor

Cloud Software Group

Status
Citrix Session Recording
Vendor
CVE Published:
18 January 2024

Badges

🟣 EPSS 29%πŸ“° News Worthy

What is CVE-2023-6184?

A Cross Site Scripting (XSS) vulnerability exists in Citrix Session Recording, which could allow an attacker to inject malicious scripts into the web application. This flaw may lead to unauthorized access to sensitive user data and compromise the integrity of the application. It is essential for organizations utilizing this product to implement appropriate security measures to reduce the risk associated with this vulnerability and protect their users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Citrix Session Recording 2311 Current Release < 0

Citrix Session Recording 1912 LTSR

Citrix Session Recording 2203 LTSR

News Articles

favicon imageAssetnote

Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184

While most of the attention for vulnerabilities within Citrix has been on their NetScaler VPN product, we noticed that there were several other products offered by Citrix that require an on-premise deployment of a web application, that is sometimes internet facing. This piqued our interest and led u...

References

https://support.citrix.com/article/CTX583930/citrix-sessi...

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by Assetnote

  • Vulnerability published

  • Vulnerability Reserved

JSON
.