CVE-2013-6944 — Cross-site Scripting in Citrix Netscaler Application Delivery Controller Firmware

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 47.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix ADM Citrix Hypervisor +6 more

Timeline

PublishedMar 11

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages9 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-wcgv-jqmr-m5q3: Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2013-6944: Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x b↗2014-03-11

▶

Citrix

Citrix Security Bulletin CTX139049↗

▶