Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-24488Cross-site Scripting in Citrix ADC AND Citrix Gateway

CWE-79Cross-site ScriptingCWE-253Incorrect Check of Function Return Value10 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
91.4%
top 0.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Citrix ADC AND Citrix GatewayCitrix Application Delivery ControllerCitrix Gateway+3 more
Timeline
PublishedJul 10
Latest updateJul 13

Description

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

NVDcitrix/gateway12.112.1-65.35+2
CVEListV5citrix/citrix_adc_and_citrix_gateway13.113.1-45.61 +5
NVDcitrix/application_delivery_controller12.112.1-55.296+3

🔴Vulnerability Details

2
GHSA
GHSA-9p94-mp85-fwj9: Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting2023-07-10
VulnCheck
Citrix ShareFile Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2023

💥Exploits & PoCs

1
Nuclei
Citrix Gateway and Citrix ADC - Cross-Site Scripting

🔍Detection Rules

3
Suricata
ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M32023-07-03
Suricata
ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M12023-07-03
Suricata
ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M22023-07-03

📋Vendor Advisories

2
Citrix
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-244882024-07-13
Citrix
CVE-2023-24488: Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting2023-07-10

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter January 2026