Vulnerability-Lookup

CVE-2023-24488 (GCVE-0-2023-24488)

Vulnerability from cvelistv5 – Published: 2023-07-10 20:41 – Updated: 2024-10-25 19:51

KEVintel KEV

Title

Cross site scripting

Summary

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

Citrix

References

1 reference

URL	Tags
https://support.citrix.com/article/CTX477714/citr…

Impacted products

1 product

Vendor	Product	Version
Citrix	Citrix ADC and Citrix Gateway	Affected: 13.1 , < 13.1-45.61 (patch) Affected: 13.0 , < 13.0-90.11  (patch) Affected: 12.1 , < 12.1-65.35 (patch) Affected: 12.1-FIPS , < 12.1-55.296 (patch) Affected: 13.1-FIPS , < 13.1-37.150 (patch) Affected: 12.1-NDcPP , < 12.1-55.296 (patch)

Date Public

2023-05-09 19:00

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 2a0b77b6-5ecb-4f5c-9870-a8eca4a29c28

Vulnerability ID: CVE-2023-24488

Status: Confirmed

Status Updated: 2025-04-28 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-04-28

Asserted: 2025-04-28

Scope

Notes: KEVIntel entry: Cross site scripting | Affected: Citrix / Citrix ADC and Citrix Gateway  | CVSS: 6.1 (MEDIUM) | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Cross site scripting
Vendor	Citrix
Product	Citrix ADC and Citrix Gateway
Added Date	2025-04-28T00:00:00.000Z
Cvss Score	6.1
Epss Score	None
Cvss Severity	MEDIUM
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-19 12:46 UTC | Updated: 2026-06-19 12:46 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T19:50:27.509927Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T19:51:19.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix ADC and Citrix Gateway\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "13.1-45.61 ",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "13.0-90.11\u202f",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-65.35",
              "status": "affected",
              "version": "12.1",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-55.296",
              "status": "affected",
              "version": "12.1-FIPS ",
              "versionType": "patch"
            },
            {
              "lessThan": "13.1-37.150 ",
              "status": "affected",
              "version": "13.1-FIPS ",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-55.296",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCross site scripting vulnerability\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\u202f\u0026nbsp;in allows and attacker to perform cross site scripting"
            }
          ],
          "value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-10T20:41:53.469Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-24488",
    "datePublished": "2023-07-10T20:41:31.248Z",
    "dateReserved": "2023-01-24T15:49:52.579Z",
    "dateUpdated": "2024-10-25T19:51:19.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-24488",
      "date": "2026-06-20",
      "epss": "0.80907",
      "percentile": "0.99579"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-65.35\", \"matchCriteriaId\": \"7C7337CF-B482-4272-8D5E-C6F18FC07E47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-90.11\", \"matchCriteriaId\": \"E9853C6D-CA36-4018-80D9-4C196C1D6D56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-45.61\", \"matchCriteriaId\": \"2A762510-82CB-4671-8D3C-A0C53E21FB9C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.296\", \"matchCriteriaId\": \"EDEB8DA9-D2C2-40CA-8D37-B3878E41A596\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.296\", \"matchCriteriaId\": \"AD984EFC-389E-4660-A6AB-4FF4F1DB5D3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-65.35\", \"matchCriteriaId\": \"196840B2-A87D-448C-8E9C-61C01188A8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-90.11\", \"matchCriteriaId\": \"9BD72AC1-8939-41EE-81FD-F8612A36D539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-45.61\", \"matchCriteriaId\": \"A5B13E9F-7572-428A-9E16-86146456A982\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross site scripting vulnerability\\u00a0in Citrix ADC and Citrix Gateway\\u202f\\u00a0in allows and attacker to perform cross site scripting\"}, {\"lang\": \"es\", \"value\": \"Los productos ADC y Gateway de Citrix son vulnerables a ataques de tipo Cross-Site Scripting (XSS).\"}]",
      "id": "CVE-2023-24488",
      "lastModified": "2024-11-21T07:47:57.780",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@citrix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2023-07-10T21:15:10.707",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\", \"source\": \"secure@citrix.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@citrix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@citrix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-24488\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2023-07-10T21:15:10.707\",\"lastModified\":\"2024-11-21T07:47:57.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting\"},{\"lang\":\"es\",\"value\":\"Los productos ADC y Gateway de Citrix son vulnerables a ataques de tipo Cross-Site Scripting (XSS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-65.35\",\"matchCriteriaId\":\"7C7337CF-B482-4272-8D5E-C6F18FC07E47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-90.11\",\"matchCriteriaId\":\"E9853C6D-CA36-4018-80D9-4C196C1D6D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-45.61\",\"matchCriteriaId\":\"2A762510-82CB-4671-8D3C-A0C53E21FB9C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.296\",\"matchCriteriaId\":\"EDEB8DA9-D2C2-40CA-8D37-B3878E41A596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.296\",\"matchCriteriaId\":\"AD984EFC-389E-4660-A6AB-4FF4F1DB5D3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-65.35\",\"matchCriteriaId\":\"196840B2-A87D-448C-8E9C-61C01188A8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-90.11\",\"matchCriteriaId\":\"9BD72AC1-8939-41EE-81FD-F8612A36D539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-45.61\",\"matchCriteriaId\":\"A5B13E9F-7572-428A-9E16-86146456A982\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:56:04.119Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-24488\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-25T19:50:27.509927Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T19:51:14.677Z\"}}], \"cna\": {\"title\": \"Cross site scripting\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Citrix\", \"product\": \"Citrix ADC and Citrix Gateway\\u202f\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"13.1-45.61 \", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.0-90.11\\u202f\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"12.1\", \"lessThan\": \"12.1-65.35\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"12.1-FIPS \", \"lessThan\": \"12.1-55.296\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1-FIPS \", \"lessThan\": \"13.1-37.150 \", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"12.1-NDcPP\", \"lessThan\": \"12.1-55.296\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-05-09T19:00:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross site scripting vulnerability\\u00a0in Citrix ADC and Citrix Gateway\\u202f\\u00a0in allows and attacker to perform cross site scripting\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCross site scripting vulnerability\u0026nbsp;\u003c/span\u003ein Citrix ADC and Citrix Gateway\\u202f\u0026nbsp;in allows and attacker to perform cross site scripting\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2023-07-10T20:41:53.469Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-24488\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T19:51:19.071Z\", \"dateReserved\": \"2023-01-24T15:49:52.579Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2023-07-10T20:41:31.248Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0366

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC versions 12.1-x.x antérieures à 12.1-65.35
Citrix	N/A	Citrix Gateway versions 13.0-x.x antérieures à 13.0-90.11
Citrix	N/A	Citrix Gateway versions 13.1-x.x antérieures à 13.1-45.61
Citrix	N/A	Citrix ADC versions 13.1-x.x antérieures à 13.1-45.61
Citrix	N/A	Citrix ADC versions 13.1-x.x-FIPS antérieures à 13.1-37.150
Citrix	N/A	Citrix ADC versions 12.1-x.x-NDcPP antérieures à 12.1-55.296
Citrix	N/A	Citrix ADC versions 12.1-x.x-FIPS antérieures à 12.1-55.296
Citrix	N/A	Citrix ADC versions 13.0-x.x antérieures à 13.0-90.11
Citrix	N/A	Citrix Gateway versions 12.1-x.x antérieures à 12.1-65.35

References

Title

Publication Time

CERTFR-2023-AVI-0366

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC versions 12.1-x.x antérieures à 12.1-65.35
Citrix	N/A	Citrix Gateway versions 13.0-x.x antérieures à 13.0-90.11
Citrix	N/A	Citrix Gateway versions 13.1-x.x antérieures à 13.1-45.61
Citrix	N/A	Citrix ADC versions 13.1-x.x antérieures à 13.1-45.61
Citrix	N/A	Citrix ADC versions 13.1-x.x-FIPS antérieures à 13.1-37.150
Citrix	N/A	Citrix ADC versions 12.1-x.x-NDcPP antérieures à 12.1-55.296
Citrix	N/A	Citrix ADC versions 12.1-x.x-FIPS antérieures à 12.1-55.296
Citrix	N/A	Citrix ADC versions 13.0-x.x antérieures à 13.0-90.11
Citrix	N/A	Citrix Gateway versions 12.1-x.x antérieures à 12.1-65.35

References

Title

Publication Time

BDU:2023-04043

Vulnerability from fstec - Published: 09.05.2023

Title

Уязвимость контроллера доставки приложений Citrix ADC (ранее Citrix NetScaler Application Delivery Controller), системы контроля доступа к виртуальной среде Citrix Gateway (ранее Citrix NetScaler Gateway), существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Description

Уязвимость контроллера доставки приложений Citrix ADC (ранее Citrix NetScaler Application Delivery Controller), системы контроля доступа к виртуальной среде Citrix Gateway (ранее Citrix NetScaler Gateway) существует из-за непринятия мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществлять межсайтовые сценарные атаки

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor

Citrix Systems Inc.

Software Name

Citrix Gateway, Citrix ADC

Software Version

от 12.1 до 12.1-65.35 (Citrix Gateway), от 13.0 до 13.0-90.11 (Citrix Gateway), от 13.1 до 13.1-45.61 (Citrix Gateway), от 13.1 до 13.1-45.61 (Citrix ADC), от 13.0 до 13.0-90.11 (Citrix ADC), от 12.1 до 12.1-65.35 (Citrix ADC), от 12. 1-FIPS до 12.1-55.296 (Citrix ADC), от 12. 1-NDCPP до 12.1-55.296 (Citrix ADC)

Possible Mitigations

Использование рекомендаций производителя: https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488

Reference

https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Citrix Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 12.1 \u0434\u043e 12.1-65.35 (Citrix Gateway), \u043e\u0442 13.0 \u0434\u043e 13.0-90.11 (Citrix Gateway), \u043e\u0442 13.1 \u0434\u043e 13.1-45.61 (Citrix Gateway), \u043e\u0442 13.1 \u0434\u043e 13.1-45.61 (Citrix ADC), \u043e\u0442 13.0 \u0434\u043e 13.0-90.11 (Citrix ADC), \u043e\u0442 12.1 \u0434\u043e 12.1-65.35 (Citrix ADC), \u043e\u0442 12. 1-FIPS \u0434\u043e 12.1-55.296 (Citrix ADC), \u043e\u0442 12. 1-NDCPP \u0434\u043e 12.1-55.296 (Citrix ADC)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.05.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.07.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04043",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-24488",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Citrix Gateway, Citrix ADC",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Citrix ADC (\u0440\u0430\u043d\u0435\u0435 Citrix NetScaler Application Delivery Controller), \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435 Citrix Gateway (\u0440\u0430\u043d\u0435\u0435 Citrix NetScaler Gateway), \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Citrix ADC (\u0440\u0430\u043d\u0435\u0435 Citrix NetScaler Application Delivery Controller), \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435 Citrix Gateway (\u0440\u0430\u043d\u0435\u0435 Citrix NetScaler Gateway) \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

FKIE_CVE-2023-24488

Vulnerability from fkie_nvd - Published: 2023-07-10 21:15 - Updated: 2026-06-17 05:39

KEVintel KEV

Severity

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

References

	URL	Tags
	secure@citrix.com	https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	gateway	*
citrix	gateway	*
citrix	gateway	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix ADC and Citrix Gateway\u202f",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "13.1-45.61 ",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "13.0-90.11\u202f",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-65.35",
              "status": "affected",
              "version": "12.1",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-55.296",
              "status": "affected",
              "version": "12.1-FIPS ",
              "versionType": "patch"
            },
            {
              "lessThan": "13.1-37.150 ",
              "status": "affected",
              "version": "13.1-FIPS ",
              "versionType": "patch"
            },
            {
              "lessThan": "12.1-55.296",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        }
      ],
      "source": "secure@citrix.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7337CF-B482-4272-8D5E-C6F18FC07E47",
              "versionEndExcluding": "12.1-65.35",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9853C6D-CA36-4018-80D9-4C196C1D6D56",
              "versionEndExcluding": "13.0-90.11",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A762510-82CB-4671-8D3C-A0C53E21FB9C",
              "versionEndExcluding": "13.1-45.61",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "EDEB8DA9-D2C2-40CA-8D37-B3878E41A596",
              "versionEndExcluding": "12.1-55.296",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "AD984EFC-389E-4660-A6AB-4FF4F1DB5D3C",
              "versionEndExcluding": "12.1-55.296",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "196840B2-A87D-448C-8E9C-61C01188A8A7",
              "versionEndExcluding": "12.1-65.35",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD72AC1-8939-41EE-81FD-F8612A36D539",
              "versionEndExcluding": "13.0-90.11",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B13E9F-7572-428A-9E16-86146456A982",
              "versionEndExcluding": "13.1-45.61",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting"
    },
    {
      "lang": "es",
      "value": "Los productos ADC y Gateway de Citrix son vulnerables a ataques de tipo Cross-Site Scripting (XSS)."
    }
  ],
  "id": "CVE-2023-24488",
  "lastModified": "2026-06-17T05:39:22.273",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "secure@citrix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2023-24488",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-10-25T19:50:27.509927Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2023-07-10T21:15:10.707",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9P94-MP85-FWJ9

Vulnerability from github – Published: 2023-07-10 21:31 – Updated: 2024-04-04 05:54

Details

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting

Severity

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-24488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-10T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway?\u00a0in allows and attacker to perform cross site scripting",
  "id": "GHSA-9p94-mp85-fwj9",
  "modified": "2024-04-04T05:54:09Z",
  "published": "2023-07-10T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24488"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-24488

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

Aliases

CVE-2023-24488

Aliases

CVE-2023-24488

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-24488",
    "id": "GSD-2023-24488"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-24488"
      ],
      "details": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting",
      "id": "GSD-2023-24488",
      "modified": "2023-12-13T01:20:58.336971Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "ID": "CVE-2023-24488",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix ADC and Citrix Gateway\u202f",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "13.1-45.61 "
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0",
                          "version_value": "13.0-90.11\u202f"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1",
                          "version_value": "12.1-65.35"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-FIPS ",
                          "version_value": "12.1-55.296"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1-FIPS ",
                          "version_value": "13.1-37.150 "
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-NDcPP",
                          "version_value": "12.1-55.296"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Citrix"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway\u202f\u00a0in allows and attacker to perform cross site scripting"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-65.35",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-90.11",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-45.61",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.296",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.296",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-65.35",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-90.11",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-45.61",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@citrix.com",
          "ID": "CVE-2023-24488"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability\u00a0in Citrix ADC and Citrix Gateway?\u00a0in allows and attacker to perform cross site scripting"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-07-11T13:28Z",
      "publishedDate": "2023-07-10T21:15Z"
    }
  }
}

WID-SEC-W-2023-1704

Vulnerability from csaf_certbund - Published: 2023-07-10 22:00 - Updated: 2023-07-10 22:00

Summary

Citrix ADC und Gateway: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Citrix Application Delivery Controller (ADC) ist eine Lösung zur Anwendungsbereitstellung und Lastverteilung. Citrix Gateway ist eine vom Kunden verwaltete Lösung, die vor Ort oder in jeder öffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann. Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On für alle virtuellen, SaaS- und Web-Anwendungen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um Informationen offenzulegen und um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Hardware Appliance - Appliance

CVE-2023-24488

In Citrix Systems ADC und Citrix Systems Citrix Gateway wurde eine Cross-Site-Scripting-Schwachstelle entdeckt. Das Problem wird durch unsachgemäße Filterung der vom Benutzer eingegebenen Daten vor der Anzeige der Eingaben verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Skriptcode im Sicherheitskontext einer betroffenen Website auszuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion und die Appliance muss als "Gateway" (SSL VPN, ICA Proxy, CVPN, RDP Proxy) oder "AAA Virtual Server" konfiguriert sein.

CVE-2023-24487

Es besteht eine nicht näher beschriebene Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Ein Angreifer, der auf NSIP- oder SNIP-Verwaltungsschnittstellen zugreifen kann, kann dies ausnutzen, um beliebige Dateien zu lesen.

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-9p94-mp85-fwj9	external
https://github.com/advisories/GHSA-96hm-6c2p-p3f2	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix Gateway ist eine vom Kunden verwaltete L\u00f6sung, die vor Ort oder in jeder \u00f6ffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann.  Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On f\u00fcr alle virtuellen, SaaS- und Web-Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um Informationen offenzulegen und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Hardware Appliance\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1704 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1704.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1704 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1704"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory vom 2023-07-10",
        "url": "https://github.com/advisories/GHSA-9p94-mp85-fwj9"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory vom 2023-07-10",
        "url": "https://github.com/advisories/GHSA-96hm-6c2p-p3f2"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix ADC und Gateway: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-07-10T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:13.891+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1704",
      "initial_release_date": "2023-07-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-45.61",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-45.61",
                  "product_id": "T028485",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-45.61"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.0-90.11",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.0-90.11",
                  "product_id": "T028487",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.0-90.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-65.35",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-65.35",
                  "product_id": "T028489",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-65.35"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-55.296 (FIPS)",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-55.296 (FIPS)",
                  "product_id": "T028491",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-55.296::fips"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-37.150 (FIPS)",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-37.150 (FIPS)",
                  "product_id": "T028492",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-37.150::fips"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-55.296 (NDcPP)",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-55.296 (NDcPP)",
                  "product_id": "T028493",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-55.296::ndcpp"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.1-45.61",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.1-45.61",
                  "product_id": "T028486",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.1-45.61"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.0-90.11",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.0-90.11",
                  "product_id": "T028488",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.0-90.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 12.1-65.35",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 12.1-65.35",
                  "product_id": "T028490",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:12.1-65.35"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24488",
      "notes": [
        {
          "category": "description",
          "text": "In Citrix Systems ADC und Citrix Systems Citrix Gateway wurde eine Cross-Site-Scripting-Schwachstelle entdeckt. Das Problem wird durch unsachgem\u00e4\u00dfe Filterung der vom Benutzer eingegebenen Daten vor der Anzeige der Eingaben verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Skriptcode im Sicherheitskontext einer betroffenen Website auszuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion und die Appliance muss als \"Gateway\" (SSL VPN, ICA Proxy, CVPN, RDP Proxy) oder \"AAA Virtual Server\" konfiguriert sein."
        }
      ],
      "release_date": "2023-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-24488"
    },
    {
      "cve": "CVE-2023-24487",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine nicht n\u00e4her beschriebene Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Ein Angreifer, der auf NSIP- oder SNIP-Verwaltungsschnittstellen zugreifen kann, kann dies ausnutzen, um beliebige Dateien zu lesen."
        }
      ],
      "release_date": "2023-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-24487"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-24488 (GCVE-0-2023-24488)

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

CERTFR-2023-AVI-0366

Solution

CERTFR-2023-AVI-0366

Solution

BDU:2023-04043

FKIE_CVE-2023-24488

GHSA-9P94-MP85-FWJ9

GSD-2023-24488

WID-SEC-W-2023-1704

Tags

Sightings

Nomenclature