CVE-2014-4346 — Cross-site Scripting in Citrix Netscaler Access Gateway Firmware

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Access Gateway Firmware Citrix Netscaler Application Delivery Controller Firmware Citrix ADM +7 more

Timeline

PublishedJul 16

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages10 packages

▶NVDcitrix/netscaler_access_gateway_firmware10.1

▶NVDcitrix/netscaler_application_delivery_controller_firmware10.1

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-rf98-23w8-rpx5: Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gate↗2022-05-14

▶

📋Vendor Advisories

Citrix

CVE-2014-4346: Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gate↗2014-07-16

▶

Citrix

Citrix Security Bulletin CTX140863↗

▶