Han Sahin, August 2014
A Cross-Site Scripting vulnerability was found in the xen_hotfix page of
the Citrix NITRO SDK. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.
This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;
other versions may also be affected.
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.