CVE-2015-6672

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
citrixnetscaler_application_delivery_controller_firmware
10.1
citrixnetscaler_application_delivery_controller_firmware
10.5
citrixnetscaler_application_delivery_controller_firmware
10.5e:e
citrixnetscaler_gateway_firmware
10.1
citrixnetscaler_gateway_firmware
10.5
citrixnetscaler_gateway_firmware
10.5e:e
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX201334
http://www.securitytracker.com/id/1033618
http://support.citrix.com/article/CTX201334
http://www.securitytracker.com/id/1033618