PT-2015-7697 · Citrix · Citrix Netscaler Application Delivery Controller+1

Published

2015-11-17

·

Updated

2016-12-07

·

CVE-2015-7997

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions prior to 10.1 Build 133.9 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 prior to Build 58.11 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e prior to Build 56.1505.e
Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks.
Recommendations For versions prior to 10.1 Build 133.9, update to Build 133.9 or later. For versions 10.5 prior to Build 58.11, update to Build 58.11 or later. For versions 10.5.e prior to Build 56.1505.e, update to Build 56.1505.e or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-7997

Affected Products

Citrix Netscaler Application Delivery Controller
Netscaler Gateway