CVE-2014-1899
published 2014-05-02CVE-2014-1899: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.21%
64.5th percentile
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_access_gateway_firmware | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7mrf-5phq-8x3g: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9
ghsa_unreviewed·2022-05-17
CVE-2014-1899 [MEDIUM] CWE-79 GHSA-7mrf-5phq-8x3g: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Citrix
CVE-2014-1899: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x
vendor_citrix·2014-05-02·CVSS 4.3
CVE-2014-1899 [MEDIUM] CWE-79 CVE-2014-1899: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x
CVE-2014-1899: Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Citrix
Citrix Security Bulletin CTX140291
vendor_citrix·CVSS 4.3
CVE-2014-1899 [MEDIUM] Citrix Security Bulletin CTX140291
Citrix Security Bulletin CTX140291
CVE References: CVE-2014-1899, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No writeups or analysis indexed.
2014-05-02
Published