Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8191

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).

Published

2020-07-10T16:15:12.077

Last Modified

2024-11-21T05:38:28.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System citrix application_delivery_controller_firmware < 10.5-70.18 Yes
Operating System citrix application_delivery_controller_firmware < 11.1-64.14 Yes
Operating System citrix application_delivery_controller_firmware < 12.0-63.21 Yes
Operating System citrix application_delivery_controller_firmware < 12.1-57.18 Yes
Operating System citrix application_delivery_controller_firmware < 13.0-58.30 Yes
Hardware citrix application_delivery_controller - No
Operating System citrix netscaler_gateway_firmware < 10.5-70.18 Yes
Operating System citrix netscaler_gateway_firmware < 11.1-64.14 Yes
Operating System citrix netscaler_gateway_firmware < 12.0-63.21 Yes
Operating System citrix netscaler_gateway_firmware < 12.1-57.18 Yes
Hardware citrix netscaler_gateway - No
Operating System citrix gateway_firmware < 13.0-58.30 Yes
Hardware citrix gateway - No
Operating System citrix sd-wan_wanop < 10.2.7 Yes
Operating System citrix sd-wan_wanop < 11.0.3d Yes
Operating System citrix sd-wan_wanop < 11.1.1a Yes
Hardware citrix 4000-wo - No
Hardware citrix 4100-wo - No
Hardware citrix 5000-wo - No
Hardware citrix 5100-wo - No
References