Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-6184: Improper Control of Dynamically-Managed Code Resources in Software Group Citrix Session Recording

Severity
NVD: 7.2 HIGH
VulnCheck: 5.0
EPSS: 20.8% (top 4.38%)
CISA KEV: Not in KEV
Exploit: PoC available

Timeline
Published: Jan 18
Latest update: Nov 14

Description

Cross Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 6 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-28qj-gvxv-p5g9: Cross Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting (2024-01-18)
VulnCheck: Citrix virtual_apps_and_desktops Improper Control of Dynamically-Managed Code Resources (2023)

💥 Exploits & PoCs (1)

Nuclei: Citrix StoreFront - Cross-Site Scripting

🔍 Detection Rules (3)

Suricata: ET WEB_SPECIFIC_APPS Citrix StoreFront XML Parsing Exception Response (CVE-2023-5914) (2025-11-14)
Suricata: ET WEB_SPECIFIC_APPS Citrix Session Recording .NET Remoting Remote Code Execution (CVE-2023-6184) (2025-11-14)
Suricata: ET WEB_SPECIFIC_APPS Citrix StoreFront Reflected Cross-Site Scripting (CVE-2023-5914) (2025-11-14)

📋 Vendor Advisories (2)

Citrix: CVE-2023-6184: Cross Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting (2024-01-18)
Citrix: Citrix Session Recording Security Bulletin for CVE-2023-6184 (2024-01-16)