CVE-2022-27505

nvd nist

Published: Apr 13, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Reflected cross site scripting (XSS)

Affected (18)

Products: Citrix: Sd Wan 110 Firmware, Sd Wan 210 Firmware, Sd Wan 400 Firmware, Sd Wan 410 Firmware, Sd Wan 1000 Firmware, Sd Wan 2000 Firmware, Sd Wan 2100 Firmware, Sd Wan 4000 Firmware, Sd Wan 4100 Firmware, Sd Wan 5100 Firmware, Sd Wan 6100 Firmware, Sd Wan 1100 Firmware

12 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 110 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 110	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 210 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 210	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 400 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 410 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 410	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 1000 Firmware	Before 11.4.3a
Citrix Sd Wan 1000 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 1000	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 2000 Firmware	Before 11.4.3a
Citrix Sd Wan 2000 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 2000	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 2100 Firmware	Before 11.4.3a
Citrix Sd Wan 2100 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 2100	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 4000 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 4000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 4100 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 4100	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 5100 Firmware	Before 11.4.3a
Citrix Sd Wan 5100 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 5100	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 6100 Firmware	Before 11.4.3a
Citrix Sd Wan 6100 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 6100	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 1100 Firmware	Before 11.4.3a
Citrix Sd Wan 1100 Firmware	Before 11.4.3a

Running on/with	Platform Versions
Citrix Sd Wan 1100	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.citrix.com/article/CTX370550

Source: secure@citrix.com

Vendor Advisory

https://support.citrix.com/article/CTX370550

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.