CVE-2022-27503
Published 2022-04-13
CVE-2022-27503: Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
Priority P423 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (36.9th percentile)
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_storefront | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | citrix_xenapp | — | — |
| citrix | storefront | — | — |
| citrix | storefront | >= 1912 < CU5 | CU5 |
| citrix | storefront | >= 3.12 < CU9 | CU9 |
| citrix | storefront_server | >= 1912 < 1912.0.5000 | 1912.0.5000 |
| citrix | storefront_server | >= 3.12 < 3.12.9000 | 3.12.9000 |
| citrix | xendesktop | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 2.6 · LOW · AV:N/AC:H/Au:N/C:N/I:P/A:N
Citrix
CVE-2022-27503: Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
vendor_citrix·2022-04-13·CVSS 6.1
CVE-2022-27503 [MEDIUM] CWE-79 CVE-2022-27503: Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
Citrix
Citrix StoreFront Security Bulletin for CVE-2022-27503
vendor_citrix·CVSS 6.1
CVE-2022-27503 [MEDIUM] CWE-79 Citrix StoreFront Security Bulletin for CVE-2022-27503
CVE-2022-27503: Reflected Cross Site Scripting (XSS)
Type: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pre-requisites: A victim user must have a current session on a StoreFront that has been configured to use SAML authentication

The issue affects the following supported versions of Citrix StoreFront:
Citrix StoreFront 1912 LTSR up to and including CU4 (1912.0.4000)
Citrix StoreFront 3.12 for 7.15 LTSR up to and including CU8 (3.12.8000)
CVE References: CVE-2022-27503
Affected Products: Citrix StoreFront, Citrix Storefront, Citrix Virtual Apps and Desktops, Citrix XenApp, StoreFront, XenDesktop, XenServer, storefront
Severity: Medium
Remediation:
as their patching schedule allows. The iss
GHSA
GHSA-jp8p-2xpg-mjj3: Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3
ghsa_unreviewed·2022-04-14
CVE-2022-27503 [MEDIUM] CWE-79 GHSA-jp8p-2xpg-mjj3: Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-13: Published