Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Service Delivery Appliance Service Vm | 10.5e |
| Citrix | Netscaler Application Delivery Controller Firmware | 10.1 |
| Citrix | Netscaler Gateway Firmware | 10.1 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX202482PatchVendor Advisory
- http://www.securitytracker.com/id/1034167
- http://support.citrix.com/article/CTX202482PatchVendor Advisory
- http://www.securitytracker.com/id/1034167
FAQ
What is CVE-2015-7997?
CVE-2015-7997 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, a...
How severe is CVE-2015-7997?
CVE-2015-7997 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7997?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Service Delivery Appliance Service Vm, Citrix Netscaler Application Delivery Controller Firmware, Citrix Netscaler Gateway Firmware.