CVE-2018-6811

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
citrixnetscaler_application_delivery_controller_firmware
10.5
citrixnetscaler_application_delivery_controller_firmware
11.0
citrixnetscaler_application_delivery_controller_firmware
11.1
citrixnetscaler_application_delivery_controller_firmware
12.0
citrixnetscaler_gateway_firmware
10.5
citrixnetscaler_gateway_firmware
11.0
citrixnetscaler_gateway_firmware
11.1
citrixnetscaler_gateway_firmware
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1040440
https://support.citrix.com/article/CTX232161
http://www.securitytracker.com/id/1040440
https://support.citrix.com/article/CTX232161