Stored Cross-Site Scripting Vulnerability in Prism Central by Citrix
CVE-2024-12223

9.3 CRITICAL

Key Information:

Vendor: Nutanix

CVE Published: 20 August 2025

What is CVE-2024-12223?

Prism Central versions prior to 2024.3.1 are susceptible to a stored cross-site scripting flaw through its Events component. This vulnerability enables attackers to hijack user sessions and execute actions under the victim's security context, posing significant risks to data integrity and user safety.

Affected Version(s)

Prism Central: versions before 2024.3.1 (range 0 < 2024.3.1)

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew Suters