CVE-2022-27505
https://notcve.org/view.php?id=CVE-2022-27505
Reflected cross-site scripting (XSS) • https://support.citrix.com/article/CTX370550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27506
https://notcve.org/view.php?id=CVE-2022-27506
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI • https://support.citrix.com/article/CTX370550 • CWE-798: Use of Hard-coded Credentials
CVE-2022-27503
https://notcve.org/view.php?id=CVE-2022-27503
Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 • https://support.citrix.com/article/CTX377814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-26151
https://notcve.org/view.php?id=CVE-2022-26151
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. • https://support.citrix.com/article/CTX370551 https://support.citrix.com/search https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-44520
https://notcve.org/view.php?id=CVE-2021-44520
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. • https://docs.citrix.com/en-us/xenmobile/server/document-history.html https://gist.github.com/tree-chtsec/766f81e22ae383987d75eedb3b23b709 https://support.citrix.com/article/CTX370551 https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')