cbcvebase.
CVE-2016-4945
published 2016-06-01

CVE-2016-4945: Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to…

PriorityP277medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.37%
68.5th percentile
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.

Affected

9 ranges
VendorProductVersion rangeFixed in
citrixcitrix_adm
citrixcitrix_hypervisor
citrixcitrix_virtual_apps_and_desktops
citrixendpoint_management
citrixnetscaler_adc
citrixnetscaler_adc_gateway
citrixnetscaler_gateway
citrixnetscaler_gateway_11.0_firmware<= 65.35
citrixxenserver

Detection & IOCsextracted from sources · hover to see the quote

cookieNSC_TMAC
pathvpn/js/gateway_login_form_view.js
  • Monitor HTTP requests to Citrix NetScaler Gateway for the NSC_TMAC cookie containing unsanitized script or HTML payloads (e.g., <script>, javascript: URIs, event handlers)
  • Inspect traffic targeting the path vpn/js/gateway_login_form_view.js on NetScaler Gateway 11.0 builds prior to 66.11 for XSS exploitation attempts
  • ·Vulnerability is only present in Citrix NetScaler Gateway 11.0 before Build 66.11; patched versions are not affected

CVSS provenance

nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.