CVE-2015-2839
Published: 2015-04-03
Priority: P4 · Severity: medium · CVSS 2.0 base score: 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.00% (78.3rd percentile)
The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | netscaler | — | — |
| citrix | netscaler_adc_gateway | — | — |
Source: Citrix (vendor_citrix) · 2015-04-03 · CVSS 4.3 · MEDIUM · CWE-79
Source: GHSA-8mm8-vfx7-wq27 (ghsa_unreviewed) · 2022-05-14 · MEDIUM · CWE-79
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/130931/Citrix-NITRO-SDK-xen_hotfix-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/Mar/128
http://www.securityfocus.com/archive/1/534935/100/0/threaded
http://www.securityfocus.com/bid/73311
https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix_page_is_vulnerable_to_cross_site_scripting.html