BugTraq
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting Mar 19 2015 04:14PM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
------------------------------------------------------------------------

Han Sahin, August 2014

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

It was discovered that the help pages of Citrix VPX are vulnerable to
Cross-Site Scripting. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.

------------------------------------------------------------------------

Tested version
------------------------------------------------------------------------

This issue was discovered in Citrix NetScaler VPX NSVPX-ESX-10.5-50.10,
other versions may also be vulnerable.

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.8nc.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_p
ages_are_vulnerable_to_cross_site_scripting.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus