CVE-2016-4945
Published 2016-06-01
Priority: P2 · 77 · Severity: medium · CVSS 3.0: 6.1
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 1.37% (68.5th percentile)
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
Affected
9 ranges. Only the last row carries a version range for this CVE; the other rows mirror the affected-product list of Citrix bulletin CTX213313, which covers several CVEs. The NVD description scopes this CVE to NetScaler Gateway 11.0 before Build 66.11.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway_11.0_firmware | <= 65.35 | Build 66.11 (per the CVE description) |
| citrix | xenserver | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to Citrix NetScaler Gateway for an NSC_TMAC cookie carrying unsanitized script or HTML (e.g. <script> tags, javascript: URIs, inline event handlers). Decode the cookie value before matching, since payloads are normally percent-encoded, often more than once.
- Inspect traffic for the path vpn/js/gateway_login_form_view.js on NetScaler Gateway 11.0 builds prior to 66.11 for XSS exploitation attempts. The script is a normal login-page asset, so the path on its own is a weak signal; the cookie content is what matters.
- The vulnerability is only present in Citrix NetScaler Gateway 11.0 before Build 66.11; patched builds are not affected.
- The injection vector is a cookie, so a crafted NSC_TMAC value has to reach the victim's browser before it is sent to the gateway. Legitimate clients do not produce script payloads in this cookie, so a match is a strong indicator rather than background noise.
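Detection logic for the bullets above, as an added example that is not part of this record or of any vendor tooling: it parses raw HTTP requests, percent-decodes the NSC_TMAC cookie until the value is stable, and matches the decoded value against script-tag, javascript: URI and event-handler patterns, only treating the vulnerable script path as corroboration of a cookie finding. The sample requests, the host name gw.example.test and the rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "NSC_TMAC"
TARGET_PATH = "/vpn/js/gateway_login_form_view.js"

# Indicators of script/HTML injection in a cookie value; matched against the
# decoded value so percent- and double-encoded payloads are not missed.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]{2,}\s*=", re.I),
    "html_tag": re.compile(r"<\s*(img|svg|iframe|object|embed|body|a)\b", re.I),
}


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), because
    payloads are often encoded twice to slip past a single-decode filter."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_cookies(header):
    """Split a Cookie header into {name: raw_value}; values stay encoded so
    the caller controls how far they are decoded."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name.strip()] = value.strip().strip('"')
    return cookies


def parse_request(raw):
    """Return (method, path, headers) from a raw HTTP request string."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers


def inspect_request(raw):
    """Return a list of (rule, detail) findings for one request; an empty
    list means nothing suspicious was seen."""
    method, path, headers = parse_request(raw)
    findings = []
    cookies = parse_cookies(headers.get("cookie", ""))
    if COOKIE_NAME in cookies:
        decoded = fully_decode(cookies[COOKIE_NAME])
        hits = [name for name, pat in XSS_PATTERNS.items() if pat.search(decoded)]
        if hits:
            findings.append(("nsc_tmac_xss_payload", ",".join(hits)))
    # The script is a normal login-page asset, so the path alone is not an
    # indicator; it only sharpens a finding that the cookie already produced.
    if path.lower() == TARGET_PATH and findings:
        findings.append(("vulnerable_path_with_payload", path))
    return findings


# Constructed sample requests (not captured traffic); the host is fictitious.
SAMPLE_REQUESTS = [
    # 0: benign asset fetch with an ordinary cookie value
    "GET /vpn/js/gateway_login_form_view.js HTTP/1.1\r\nHost: gw.example.test\r\n"
    "Cookie: NSC_TMAC=abcdef0123456789; NSC_TMAS=0\r\n\r\n",
    # 1: percent-encoded <script> payload in NSC_TMAC on the affected path
    "GET /vpn/js/gateway_login_form_view.js HTTP/1.1\r\nHost: gw.example.test\r\n"
    "Cookie: NSC_TMAC=%3Cscript%3Ealert(1)%3C%2Fscript%3E\r\n\r\n",
    # 2: double-encoded event-handler payload on another path
    "GET /vpn/index.html HTTP/1.1\r\nHost: gw.example.test\r\n"
    "Cookie: NSC_TMAC=%2522%2520onerror%253Dalert(1)%2520\r\n\r\n",
    # 3: no NSC_TMAC cookie at all
    "GET /vpn/index.html HTTP/1.1\r\nHost: gw.example.test\r\n\r\n",
]


def scan(requests=SAMPLE_REQUESTS):
    """Map request index -> findings for every request that produced one."""
    results = {}
    for i, raw in enumerate(requests):
        findings = inspect_request(raw)
        if findings:
            results[i] = findings
    return results


if __name__ == "__main__":
    for i, findings in scan().items():
        print(i, findings)
```

Running the block flags requests 1 and 2 and leaves 0 and 3 alone. The bounded decode loop is the part worth keeping when porting this to a WAF or SIEM rule: a filter that decodes once misses the double-encoded payload in request 2, while an unbounded loop is a denial-of-service handle.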
CVSS provenance
- NVD (CVSS v3.0): 6.1 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD (CVSS v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
- VulnCheck: 6.1 MEDIUM
Citrix (vendor_citrix) · 2016-06-01 · CVSS 6.1
CVE-2016-4945 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
Citrix Security Bulletin CTX213313 (vendor_citrix) · CVSS 6.1
CVE-2016-4945 [MEDIUM] Citrix Security Bulletin CTX213313
CVE References: CVE-2016-4945, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA (ghsa_unreviewed) · 2022-05-14
CVE-2016-4945 [MEDIUM] CWE-79 GHSA-jrg8-c34p-wgmf: Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
VulnCheck (vulncheck) · 2016 · CVSS 6.1
CVE-2016-4945 [MEDIUM] Citrix NetScaler ADC and NetScaler Gateway Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
Affected: Citrix NetScaler ADC and NetScaler Gateway
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends; https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html
- http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt
- http://support.citrix.com/article/CTX213313
- http://www.securityfocus.com/archive/1/538515/100/0/threaded
- http://www.securitytracker.com/id/1036020