CVE-2020-8208
MEDIUMCitrix XenMobile Server < 10.12 RP1, < 10.11 RP6, < 10.9 RP5 - Cross-Site Scripting
Title source: llmDescription
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX277457
Scores
CVSS v3
6.1
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
citrix/xenmobile_server
10.9.0 (5 CPE variants)
citrix/xenmobile_server
10.10.0 (6 CPE variants)
citrix/xenmobile_server
10.11.0 (4 CPE variants)
citrix/xenmobile_server
10.12.0 (2 CPE variants)
citrix/xenmobile_server
< 10.8.0
Published
Aug 17, 2020
Tracked Since
Feb 18, 2026