Citrix SD-WAN is a networking product from Citrix, Inc. A cross-site scripting vulnerability exists in Citrix SD-WAN versions prior to 11.4.3a, which allows virtualization and optimization of enterprise site-to-site networks. The vulnerability stems from the programβs lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.