XSS in Citrix Netscaler_application_delivery_controller_firmware

CVE-2015-6672

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (53.0th percentile) — read the EPSS interpretation.

Affected products

Citrix Netscaler_application_delivery_controller_firmware — versions 10.1, 10.5, 10.5e
Citrix Netscaler_gateway_firmware — versions 10.1, 10.5, 10.5e
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1033618 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)