CVE-2018-10653

CRITICAL

Citrix XenMobile Server 10.8 before RP2 / 10.7 before RP3 - XXE


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10653. PoC published by Jonas Lejon.

AI-analyzed exploit summary: This PoC exploits an XXE (XML External Entity) injection vulnerability in Citrix XenMobile Server by sending a maliciously crafted XML payload to the '/zdm/ios/mdm' endpoint, triggering an out-of-band callback to a controlled webhook for data exfiltration or SSRF.

Description

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Exploits (1)

exploitdb · WORKING POC
by Jonas Lejon · python · webapps · xml
https://www.exploit-db.com/exploits/47951


Classification
Working PoC: 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3
Authentication: No auth needed
Prerequisites: Network access to the target XenMobile Server · A controlled webhook or server to receive the XXE callback
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References (2)
Vendor Advisory (x_refsource_confirm): https://support.citrix.com/article/CTX234879

Scores

CVSS v3: 9.8
EPSS: 0.0680
EPSS Percentile: 93.2%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-611 (Improper Restriction of XML External Entity Reference)
Status: published
Products (2)
citrix/xenmobile_server 10.8 (2 CPE variants)
citrix/xenmobile_server 10.7 (3 CPE variants)
Published: May 23, 2018
Tracked Since: Feb 18, 2026