Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-5914Cross-site Scripting in Citrix Storefront

CWE-79Cross-site Scripting7 documents5 sources
Severity
5.4MEDIUMVulnCheck
No vector
EPSS
69.8%
top 1.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Citrix StorefrontCitrix Xenserver
Timeline
Latest updateNov 14

Description

cloud citrix_storefront Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) Affected: cloud citrix_storefront Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-05-08&host_type=src&vulnerability=cve-2023-5914; https://dashb

Affected Packages2 packages

🔴Vulnerability Details

1
VulnCheck
cloud citrix_storefront Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2023

💥Exploits & PoCs

1
Nuclei
Citrix StoreFront - Cross-Site Scripting

🔍Detection Rules

3
Suricata
ET WEB_SPECIFIC_APPS Citrix StoreFront XML Parsing Exception Response (CVE-2023-5914)2025-11-14
Suricata
ET WEB_SPECIFIC_APPS Citrix Session Recording .NET Remoting Remote Code Execution (CVE-2023-6184)2025-11-14
Suricata
ET WEB_SPECIFIC_APPS Citrix StoreFront Reflected Cross-Site Scripting (CVE-2023-5914)2025-11-14

📋Vendor Advisories

1
Citrix
Citrix StoreFront Security Bulletin for CVE-2023-59142024-01-16

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter April 2024