CVE-2015-7997

Citrix NetScaler <10.1.133.9-10.5.58.11-10.5.e56.1505.e - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034167

Patch, Vendor Advisory x_refsource_confirm

http://support.citrix.com/article/CTX202482

Scores

EPSS 0.0029

EPSS Percentile 52.7%

Details

CWE

CWE-79

Status published

Products (5)

citrix/netscaler_application_delivery_controller_firmware 10.1

citrix/netscaler_application_delivery_controller_firmware 10.5

citrix/netscaler_gateway_firmware 10.1

citrix/netscaler_gateway_firmware 10.5

citrix/netscaler_service_delivery_appliance_service_vm 10.5e

Published Nov 17, 2015

Tracked Since Feb 18, 2026