CVE-2020-8191

Published: Jul 10, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).

Affected (13)

Products: Citrix: Application Delivery Controller Firmware, Netscaler Gateway Firmware, Gateway Firmware, Sd Wan Wanop

Citrix

4 products

Application Delivery Controller Firmware

Netscaler Gateway Firmware

Gateway Firmware

Sd Wan Wanop

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Application Delivery Controller Firmware	From 10.5 to 10.5-70.18
Citrix Application Delivery Controller Firmware	From 11.1 to 11.1-64.14
Citrix Application Delivery Controller Firmware	From 12.0 to 12.0-63.21
Citrix Application Delivery Controller Firmware	From 12.1 to 12.1-57.18
Citrix Application Delivery Controller Firmware	From 13.0 to 13.0-58.30

Running on/with	Platform Versions
Citrix Application Delivery Controller	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Netscaler Gateway Firmware	From 10.5 to 10.5-70.18
Citrix Netscaler Gateway Firmware	From 11.1 to 11.1-64.14
Citrix Netscaler Gateway Firmware	From 12.0 to 12.0-63.21
Citrix Netscaler Gateway Firmware	From 12.1 to 12.1-57.18

Running on/with	Platform Versions
Citrix Netscaler Gateway	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Gateway Firmware	From 13.0 to 13.0-58.30

Running on/with	Platform Versions
Citrix Gateway	All versions

Configuration D

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan Wanop	From 10.2 to 10.2.7
Citrix Sd Wan Wanop	From 11.0 to 11.0.3d
Citrix Sd Wan Wanop	From 11.1 to 11.1.1a

Running on/with	Platform Versions
Citrix 4000 Wo	All versions
Citrix 4100 Wo	All versions
Citrix 5000 Wo	All versions
Citrix 5100 Wo	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.citrix.com/article/CTX276688

Source: support@hackerone.com

Vendor Advisory

https://support.citrix.com/article/CTX276688

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.