Netscaler Security Vulnerabilities and Issues — Netscaler CVE List

Lucene search

CitrixNetscaler

4 matches found

CVE•added 2015/04/03 2:59 p.m.•53 views

CVE-2015-2838

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen...

6.8CVSS8.2AI score0.04306EPSS

CVE•added 2015/04/03 2:59 p.m.•49 views

CVE-2015-2840

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

4.3CVSS5.8AI score0.00392EPSS

CVE•added 2015/04/03 2:59 p.m.•48 views

CVE-2015-2839

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

4.3CVSS5.9AI score0.00426EPSS

CVE•added 2015/04/03 2:59 p.m.•40 views

CVE-2015-2841

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

5CVSS6.8AI score0.04409EPSS