CVE-2015-6672

EUVD-2015-6610
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
citrixnetscaler_application_delivery_controller_firmware
10.1
citrixnetscaler_application_delivery_controller_firmware
10.5
citrixnetscaler_application_delivery_controller_firmware
10.5e:e
citrixnetscaler_gateway_firmware
10.1
citrixnetscaler_gateway_firmware
10.5
citrixnetscaler_gateway_firmware
10.5e:e
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX201334
http://www.securitytracker.com/id/1033618
http://support.citrix.com/article/CTX201334
http://www.securitytracker.com/id/1033618