3 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Citrix StoreFront afecta a la versión 1912 anterior a CU5 y versión 3.12 anterior a CU9 • https://support.citrix.com/article/CTX377814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. Una autenticación inapropiada en Citrix StoreFront Server versiones anteriores a 1912.0.1000, permite a un atacante que está autenticado en el mismo dominio del Microsoft Active Directory como un servidor Citrix StoreFront leer archivos arbitrarios de ese servidor • https://support.citrix.com/article/CTX277455 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. Citrix StoreFront Server versiones anteriores a 1903, 7.15 LTSR antes del CU4 (3.12.4000) y versión 7.6 LTSR antes del CU8 (3.0.8000), permite ataques de tipo XXE. Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. • https://support.citrix.com/article/CTX251988 • CWE-611: Improper Restriction of XML External Entity Reference •