CVE-2014-1899

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
citrixnetscaler_access_gateway_firmware
9.3
citrixnetscaler_access_gateway_firmware
9.3.61.5
citrixnetscaler_access_gateway_firmware
9.3.62.4
citrixnetscaler_access_gateway_firmware
10.0
citrixnetscaler_access_gateway_firmware
10.0.74.4
citrixnetscaler_access_gateway_firmware
10.1
citrixnetscaler_access_gateway
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/67177
http://www.securitytracker.com/id/1030186
https://support.citrix.com/article/CTX140291
http://www.securityfocus.com/bid/67177
http://www.securitytracker.com/id/1030186
https://support.citrix.com/article/CTX140291