XSS in Citrix Netscaler_access_gateway

CVE-2014-1899

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unsp…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (59.9th percentile) — read the EPSS interpretation.

Affected products

Citrix Netscaler_access_gateway
Citrix Netscaler_access_gateway_firmware — versions 9.3, 9.3.61.5, 9.3.62.4
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1030186 (vdb-entry, x_refsource_SECTRACK)
67177 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)