CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4346 – Citrix Netscaler Disclosure / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4346
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz del usuario de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) 10.1 anterior a 10.1-126.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2014/Jul/77 http://secunia.com/advisories/59942 http://support.citrix.com/article/CTX140863 http://www.securityfocus.com/archive/1/532802/100/0/threaded http://www.securityfocus.com/bid/68535 http://www.securitytracker.com/id/1030572 http://www.securitytracker.com/id/1030573 https://exchange.xforce.ibmcloud.com/vulnerabilities/94493 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4347 – Citrix Netscaler Disclosure / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4347
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) anterior a 9.3-62.4 y 10.x anterior a 10.1-126.12 permite a atacantes obtener información sensible a través de vectores relacionados con una cookie. Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2014/Jul/77 http://secunia.com/advisories/59942 http://support.citrix.com/article/CTX140863 http://www.securityfocus.com/archive/1/532802/100/0/threaded http://www.securityfocus.com/bid/68537 http://www.securitytracker.com/id/1030572 http://www.securitytracker.com/id/1030573 https://exchange.xforce.ibmcloud.com/vulnerabilities/94494 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-2_Citrix_NetScaler_Multiple_Vulnerabilities_v10. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1899
https://notcve.org/view.php?id=CVE-2014-1899
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Citrix NetScaler Gateway (anteriormente Citrix Access Gateway Enterprise Edition) 9.x anterior a 9.3.66.5 y 10.x anterior a 10.1.123.9 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/67177 http://www.securitytracker.com/id/1030186 https://support.citrix.com/article/CTX140291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2881
https://notcve.org/view.php?id=CVE-2014-2881
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. Vulnerabilidad no especificada en la implementación de acuerdo clave Diffie-Hellman en el Applet Java de gestión de la interfaz gráfica de usuario en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores desconocidos. • http://support.citrix.com/article/CTX140651 http://www.securitytracker.com/id/1030180 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2882
https://notcve.org/view.php?id=CVE-2014-2882
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. Vulnerabilidad no especificada en la GUI de gestión en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores no especificados, relacionado con validación de certificado. • http://support.citrix.com/article/CTX140651 http://www.securitytracker.com/id/1030180 •