Netscaler Security Vulnerabilities and Issues — Netscaler CVE List

Lucene search

CitrixNetscaler

4 matches found

CVE•added 2015/04/03 2:59 p.m.•49 views

CVE-2015-2840

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

4.3CVSS5.8AI score0.00392EPSS

CVE•added 2015/04/03 2:59 p.m.•48 views

CVE-2015-2839

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

4.3CVSS5.9AI score0.00426EPSS

CVE•added 2007/11/30 1:46 a.m.•42 views

CVE-2007-6192

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.

4.3CVSS6.4AI score0.00203EPSS

CVE•added 2007/11/20 11:46 a.m.•38 views

CVE-2007-6037

Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.

4.3CVSS5.6AI score0.10243EPSS