{"api_version":"1","generated_at":"2026-04-23T09:37:01+00:00","cve":"CVE-2015-7997","urls":{"html":"https://cve.report/CVE-2015-7997","api":"https://cve.report/api/cve/CVE-2015-7997.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-7997","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-7997"},"summary":{"title":"CVE-2015-7997","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-11-17 15:59:00","updated_at":"2016-12-07 18:25:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1034167","name":"1034167","refsource":"SECTRACK","tags":[],"title":"Citrix NetScaler Service Delivery Appliance Bugs Let Local Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Scripting Attack and Obtain Passwords - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.citrix.com/article/CTX202482","name":"http://support.citrix.com/article/CTX202482","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Citrix NetScaler Service Delivery Appliance and Citrix CloudBridge WAN Optimization Appliance Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-7997","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7997","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_application_delivery_controller_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_gateway_firmware","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_service_delivery_appliance_service_vm","cpe6":"10.5e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7997","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"citrix","cpe5":"netscaler_service_delivery_appliance_service_vm","cpe6":"10.5e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-7997","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1034167","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034167"},{"name":"http://support.citrix.com/article/CTX202482","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX202482"}]}},"nvd":{"publishedDate":"2015-11-17 15:59:00","lastModifiedDate":"2016-12-07 18:25:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"7997","Ordinal":"85013","Title":"CVE-2015-7997","CVE":"CVE-2015-7997","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"7997","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"7997","Ordinal":"2","NoteData":"2015-11-17","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"7997","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}