CVE-2018-6811 — Cross-site Scripting in Citrix Netscaler Application Delivery Controller Firmware

CWE-79 — Cross-site Scripting CWE-268 — Privilege Chaining9 documents7 sources

Severity

6.1MEDIUMNVD

GHSA8.8

EPSS

0.3%

top 51.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Apache Hadoop +8 more

Timeline

PublishedMar 6

Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages11 packages

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶NVDcitrix/netscaler_application_delivery_controller_firmware4 versions+3

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmxx-fgxh-42rc: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10↗2022-05-14

▶

GHSA

Arbitrary Command Execution in Hadoop↗2018-12-21

▶

📋Vendor Advisories

Red Hat

hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811)↗2018-11-27

▶

Citrix

CVE-2018-6811: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12↗2018-03-06

▶

Citrix

Citrix Security Bulletin CTX232161↗

▶

Apache

Apache hadoop: CVE-2018-11766↗

▶

💬Community

Bugzilla

CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811) [fedora-all]↗2018-11-28

▶

Bugzilla

CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811)↗2018-11-28

▶