Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller Firmware | 10.1 |
| Citrix | Netscaler Gateway Firmware | 10.1 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX201334Vendor Advisory
- http://www.securitytracker.com/id/1033618
- http://support.citrix.com/article/CTX201334Vendor Advisory
- http://www.securitytracker.com/id/1033618
FAQ
What is CVE-2015-6672?
CVE-2015-6672 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build ...
How severe is CVE-2015-6672?
CVE-2015-6672 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6672?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Application Delivery Controller Firmware, Citrix Netscaler Gateway Firmware.