← Back

CVE-2023-6184

nvd nist
Published: Jan 18, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

Affected (14)

Citrix
1 product
Virtual Apps And Desktops
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Virtual Apps And Desktops
Up to 2311
Virtual Apps And Desktops
Version 1912
Virtual Apps And Desktops
Version 1912 cu1
Virtual Apps And Desktops
Version 1912 cu2
Virtual Apps And Desktops
Version 1912 cu3
Virtual Apps And Desktops
Version 1912 cu3
Virtual Apps And Desktops
Version 1912 cu4
Virtual Apps And Desktops
Version 1912 cu5
Virtual Apps And Desktops
Version 1912 cu6
Virtual Apps And Desktops
Version 1912 cu7
Virtual Apps And Desktops
Version 2203
Virtual Apps And Desktops
Version 2203 cu1
Virtual Apps And Desktops
Version 2203 cu2
Virtual Apps And Desktops
Version 2203 cu3

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-913
Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

References (2)

Source: secure@citrix.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.