XSS in Citrix Netscaler

CVE-2015-2840

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.

Affected products

Citrix Netscaler — versions 10.5
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
73342 (vdb-entry, x_refsource_BID)
20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting (mailing-list, x_refsource_BUGTRAQ)
20150319 Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting (mailing-list, x_refsource_FULLDISC)