XSS in Citrix Netscaler_access_gateway
CVE-2014-4346
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote at…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (75.0th percentile) — read the EPSS interpretation.
Affected products
- Citrix Netscaler_access_gateway
- Citrix Netscaler_access_gateway_firmware — versions 10.1
- Citrix Netscaler_application_delivery_controller
- Citrix Netscaler_application_delivery_controller_firmware — versions 10.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- 1030573 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- citrix-netscaler-cve20144346-xss(94493) (vdb-entry, x_refsource_XF)
- 59942 (x_refsource_SECUNIA, third-party-advisory)
- 20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway (mailing-list, x_refsource_FULLDISC)
- 1030572 (vdb-entry, x_refsource_SECTRACK)
- 20140716 SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway (mailing-list, x_refsource_BUGTRAQ)
- 68535 (vdb-entry, x_refsource_BID)