Citrix StoreFront vulnerabilities

4 known vulnerabilities affecting citrix/citrix_storefront.

Total CVEs: 4
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2023-5914 | MEDIUM | CVSS 6.1 | PoC | 2024-01-16
Citrix StoreFront Security Bulletin for CVE-2023-5914
  Description: Cross-site scripting (XSS)
  Pre-requisites: Requires victim to access an attacker-controlled link in the browser
  CWE: CWE-79
  Instructions: Cloud Software Group strongly urges affected customers of Citrix StoreFront to install the relevant updated versions of Citrix StoreFront as soon as possible: Current Release (CR) Citrix StoreFront 2308.1 and lat
CVE-2020-8200 | MEDIUM | CVSS 6.5 | 2020-09-10
Citrix StoreFront Security Update - Security Bulletin
  A high severity issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. This issue has the following identifier: CVE-2020-8200
  The issue affects the following supported Current Release (CR) vers
CVE-2019-13608 | HIGH | CVSS 7.5 | KEV | PoC
CVE-2019-13608 - XML External Entity (XXE) Processing Vulnerability in Citrix StoreFront Server
  An XML External Entity (XXE) processing vulnerability has been identified in Citrix StoreFront Server that could allow an unauthenticated attacker to retrieve potentially sensitive information from the server. This vulnerability has been assigned the following CVE number: •
CVE-2022-27503 | MEDIUM | CVSS 6.1
Citrix StoreFront Security Bulletin for CVE-2022-27503
  Description: Reflected Cross Site Scripting (XSS)
  Type: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  Pre-requisites: A victim user must have a current session on a StoreFront that has been configured to use SAML authentication
  The issue affects the following supported versions of Citrix StoreFront: Citrix Sto