CVE-2023-6184
https://notcve.org/view.php?id=CVE-2023-6184
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting • https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2023-24490 – Users with only access to launch VDA applications can launch an unauthorized desktop
https://notcve.org/view.php?id=CVE-2023-24490
Users with only access to launch VDA applications can launch an unauthorized desktop • https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 • CWE-284: Improper Access Control •
CVE-2023-24483 – Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
https://notcve.org/view.php?id=CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. • https://support.citrix.com/article/CTX477616/citrix-virtual-apps-and-desktops-security-bulletin-for-cve202324483 • CWE-269: Improper Privilege Management •
CVE-2021-22928
https://notcve.org/view.php?id=CVE-2021-22928
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. Se ha identificado una vulnerabilidad en Citrix Virtual Apps and Desktops que podría, si es explotado, permitir a un usuario de un VDA de Windows que tenga instalado Citrix Profile Management o Citrix Profile Management WMI Plugin escalar su nivel de privilegios en ese VDA de Windows a SYSTEM • https://support.citrix.com/article/CTX319750 •
CVE-2020-8283
https://notcve.org/view.php?id=CVE-2020-8283
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. Un usuario autorizado en un host de Windows que ejecuta Citrix Universal Print Server, puede llevar a cabo comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versiones 7.15 LTSR CU6 hotfix CTX285344 y 7.6 LTSR CU9 • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management •