CVE-2016-4945
MEDIUM EXPLOITEDCitrix NetScaler Gateway 11.0 < 65.35 - Cross-Site Scripting via NSC_TMAC Cookie
Title source: llmExploitation Summary
CVE-2016-4945 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538515/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036020
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX213313
Various Sources x_refsource_misc
http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt
Scores
CVSS v3
6.1
EPSS
0.0062
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2024-07-16
CWE
CWE-79
Status
published
Products (1)
citrix/netscaler_gateway_11.0_firmware
< 65.35
Published
Jun 01, 2016
Tracked Since
Feb 18, 2026