CVE-2015-7997
Summary
| CVE | CVE-2015-7997 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-11-17 15:59:00 UTC |
| Updated | 2016-12-07 18:25:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Citrix | NetScaler Application Delivery Controller Firmware | 10.1 | All | All | All |
| Operating System | Citrix | NetScaler Application Delivery Controller Firmware | 10.5 | All | All | All |
| Operating System | Citrix | NetScaler Gateway Firmware | 10.1 | All | All | All |
| Operating System | Citrix | NetScaler Gateway Firmware | 10.5 | All | All | All |
| Operating System | Citrix | NetScaler Service Delivery Appliance Service VM | 10.5e | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Citrix NetScaler Service Delivery Appliance Bugs Let Local Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Scripting Attack and Obtain Passwords - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Citrix NetScaler Service Delivery Appliance and Citrix CloudBridge WAN Optimization Appliance Multiple Security Updates | CONFIRM | support.citrix.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.