CVE-2015-7997

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Nov 17, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-7997
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
citrix / netscaler_service_delivery_appliance_service_vm	10.5e	10.5e.x
citrix / netscaler_application_delivery_controller_firmware	10.5	10.5.x
citrix / netscaler_application_delivery_controller_firmware	10.1	10.1.x
citrix / netscaler_gateway_firmware	10.1	10.1.x
citrix / netscaler_gateway_firmware	10.5	10.5.x

http://support.citrix.com/article/CTX202482
http://www.securitytracker.com/id/1034167

Vulnerability Database

289,784

CVE-2015-7997