CVE-2023-24488 MEDIUM

CVE-2023-24488: Cross site scripting

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Weakness CWE-79 · XSS

Published July 10, 2023

Last update October 25, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

Key dates

02Disclosure timeline

July 10, 2023 CVE published

October 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-24488 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2023-24488

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 13.1 and < 13.1-45.61

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 13.0 and < 13.0-90.11

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 12.1 and < 12.1-65.35

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 12.1-FIPS and < 12.1-55.296

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 13.1-FIPS and < 13.1-37.150

Vendor Citrix

Product Citrix ADC and Citrix Gateway

Affected ≥ 12.1-NDcPP and < 12.1-55.296

CVE-2023-24488: Cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE