CVE-2016-4945

Name of the Vulnerable Software and Affected Versions Citrix NetScaler Gateway versions prior to 11.0 Build 66.11

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the NSC TMAC cookie. This occurs in the vpn/js/gateway login form view.js file.

Recommendations For versions prior to 11.0 Build 66.11, update to Build 66.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the gateway login form view.js file until a patch is applied. Avoid using the NSC TMAC cookie in sensitive operations until the issue is resolved.