CVE-2015-2840 — Cross-site Scripting in Citrix Netscaler

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Citrix Netscaler ADC Gateway

Timeline

PublishedApr 3

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcitrix/netscaler10.5

▶citrixcitrix/netscaler_adc_gateway

🔴Vulnerability Details

GHSA

GHSA-7j7c-3gw5-prfg: Cross-site scripting (XSS) vulnerability in help/rt/large_search↗2022-05-14

▶

📋Vendor Advisories

Citrix

CVE-2015-2840: Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject a↗2015-04-03

▶

💬Community

Bugzilla

CVE-2015-5183 Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ↗2015-07-31

▶