QwikSec

Security Database

CVE

CWE

Training

CVE-2015-2839

Published: Apr 3, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150319 Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting

mailing-list

x_refsource_BUGTRAQ

https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix_page_is_vulnerable_to_cross_site_scripting.html

x_refsource_MISC

20150319 Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/130931/Citrix-NITRO-SDK-xen_hotfix-Cross-Site-Scripting.html

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.