SECURITYVULNS:DOC:31817
Mar 21, 2015 - 12:00 a.m.

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting


Han Sahin, August 2014


Abstract

A Cross-Site Scripting vulnerability was found in the xen_hotfix page of
the Citrix NITRO SDK. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.


Tested version

This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;
other versions may also be affected.


Fix

Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.


Details

https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix_page_is_vulnerable_to_cross_site_scripting.html