CVE-2015-7997
published 2015-11-17CVE-2015-7997: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.00%
58.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_application_delivery_controller_firmware | — | — |
| citrix | netscaler_application_delivery_controller_firmware | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway_firmware | — | — |
| citrix | netscaler_gateway_firmware | — | — |
| citrix | netscaler_service_delivery_appliance_service_vm | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2015-7997: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway b
vendor_citrix·2015-11-17·CVSS 4.3
CVE-2015-7997 [MEDIUM] CWE-79 CVE-2015-7997: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway b
CVE-2015-7997: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Citrix
Citrix Security Bulletin CTX202482
vendor_citrix·CVSS 5.0
CVE-2015-7996 [MEDIUM] Citrix Security Bulletin CTX202482
Citrix Security Bulletin CTX202482
CVE References: CVE-2015-7996, CVE-2015-7997, CVE-2015-7998, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-64jj-r747-qg63: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway b
ghsa_unreviewed·2022-05-17
CVE-2015-7997 [MEDIUM] CWE-79 GHSA-64jj-r747-qg63: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway b
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-11-17
Published