CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 0CVE-2023-6184
https://notcve.org/view.php?id=CVE-2023-6184
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting • https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.3EPSS: 0%CPEs: 22EXPL: 0CVE-2023-24490 – Users with only access to launch VDA applications can launch an unauthorized desktop
https://notcve.org/view.php?id=CVE-2023-24490
Users with only access to launch VDA applications can launch an unauthorized desktop • https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-24483 – Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
https://notcve.org/view.php?id=CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. • https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483 • CWE-269: Improper Privilege Management •