CVE-2014-1899

EUVD-2014-1961
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
citrixnetscaler_access_gateway_firmware
9.3
citrixnetscaler_access_gateway_firmware
9.3.61.5
citrixnetscaler_access_gateway_firmware
9.3.62.4
citrixnetscaler_access_gateway_firmware
10.0
citrixnetscaler_access_gateway_firmware
10.0.74.4
citrixnetscaler_access_gateway_firmware
10.1
citrixnetscaler_access_gateway
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/67177
http://www.securitytracker.com/id/1030186
https://support.citrix.com/article/CTX140291
http://www.securityfocus.com/bid/67177
http://www.securitytracker.com/id/1030186
https://support.citrix.com/article/CTX140291