XSS in Citrix NetScaler
CVE-2015-2839
The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (62.6th percentile)
Affected products
- Citrix Netscaler — versions 10.5
Weakness classification (CWE)
References
- 20150319 Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20150319 Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting (mailing-list, x_refsource_FULLDISC)
- 73311 (vdb-entry, x_refsource_BID)