8.3
CVE-2023-3466
- EPSS 0.94%
- Published 19.07.2023 19:15:12
- Last modified 21.11.2024 08:17:19
- Source secure@citrix.com
- Teams watchlist Login
- Open Login
Reflected Cross-Site Scripting (XSS)
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.297
Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.297
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.0 < 13.0-91.13
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.159
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-49.13
Citrix ≫ Netscaler Application Delivery Controller Version11.1-65.22 SwEditionfips
Citrix ≫ NetScaler Gateway Version >= 13.0 < 13.0-91.13
Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-49.13
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.754 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| secure@citrix.com | 8.3 | 1.6 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.