CVE-2023-3466

Name of the Vulnerable Software and Affected Versions Citrix NetScaler Application Delivery Controller versions prior to 12.1-55.297 Citrix NetScaler Application Delivery Controller versions prior to 13.0-91.13 Citrix NetScaler Application Delivery Controller versions prior to 13.1-37.159 Citrix NetScaler Application Delivery Controller versions prior to 13.1-49.13 Citrix NetScaler Application Delivery Controller version 11.1-65.22

Description The issue is related to insufficient input validation in the Citrix ADC and Citrix Gateway systems, which can be exploited by a remote attacker to execute arbitrary code in the target system using a specially crafted link. This is a case of Reflected Cross-Site Scripting (XSS).

Recommendations For Citrix NetScaler Application Delivery Controller versions prior to 12.1-55.297, update to a version that includes the necessary security patches. For Citrix NetScaler Application Delivery Controller versions prior to 13.0-91.13, update to a version that includes the necessary security patches. For Citrix NetScaler Application Delivery Controller versions prior to 13.1-37.159, update to a version that includes the necessary security patches. For Citrix NetScaler Application Delivery Controller versions prior to 13.1-49.13, update to a version that includes the necessary security patches. For Citrix NetScaler Application Delivery Controller version 11.1-65.22, update to a version that includes the necessary security patches.