It was discovered that the help pages of Citrix VPX are vulnerable to
Cross-Site Scripting. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
------------------------------------------------------------------------
Han Sahin, August 2014
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the help pages of Citrix VPX are vulnerable to
Cross-Site Scripting. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.
------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was discovered in Citrix NetScaler VPX NSVPX-ESX-10.5-50.10,
other versions may also be vulnerable.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.8nc.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_p
ages_are_vulnerable_to_cross_site_scripting.html
[ reply ]