CVE-2018-6811
MEDIUMCitrix NetScaler ADC and Gateway 10.5 11.0 11.1 12.0 - Cross-Site Scripting
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX232161
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040440
Scores
CVSS v3
6.1
EPSS
0.0026
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (8)
citrix/netscaler_application_delivery_controller_firmware
10.5
citrix/netscaler_application_delivery_controller_firmware
11.0
citrix/netscaler_application_delivery_controller_firmware
11.1
citrix/netscaler_application_delivery_controller_firmware
12.0
citrix/netscaler_gateway_firmware
10.5
citrix/netscaler_gateway_firmware
11.0
citrix/netscaler_gateway_firmware
11.1
citrix/netscaler_gateway_firmware
12.0
Published
Mar 06, 2018
Tracked Since
Feb 18, 2026