CVE-2020-8208

Published: Aug 17, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

Affected (18)

Products: Citrix: Xenmobile Server

Citrix

1 product

Xenmobile Server

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenmobile Server	Up to 10.8.0
Citrix Xenmobile Server	Version 10.10.0
Citrix Xenmobile Server	Version 10.10.0 rolling_patch1
Citrix Xenmobile Server	Version 10.10.0 rolling_patch2
Citrix Xenmobile Server	Version 10.10.0 rolling_patch3
Citrix Xenmobile Server	Version 10.10.0 rolling_patch4
Citrix Xenmobile Server	Version 10.10.0 rolling_patch5
Citrix Xenmobile Server	Version 10.11.0
Citrix Xenmobile Server	Version 10.11.0 rolling_patch1
Citrix Xenmobile Server	Version 10.11.0 rolling_patch2
Citrix Xenmobile Server	Version 10.11.0 rolling_patch3
Citrix Xenmobile Server	Version 10.12.0
Citrix Xenmobile Server	Version 10.12.0 rolling_patch1
Citrix Xenmobile Server	Version 10.9.0
Citrix Xenmobile Server	Version 10.9.0 rolling_patch1
Citrix Xenmobile Server	Version 10.9.0 rolling_patch2
Citrix Xenmobile Server	Version 10.9.0 rolling_patch3
Citrix Xenmobile Server	Version 10.9.0 rolling_patch4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.citrix.com/article/CTX277457

Source: support@hackerone.com

Vendor Advisory

https://support.citrix.com/article/CTX277457

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.