CVE-2015-7997
Published Nov 17, 2015
Last updated 8 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40AFE347-13AE-4064-9E71-A9B1959CFABE"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD151FA3-8B96-48AF-B908-C29EAE88EF5B"
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8C7525B-2A2D-43AF-8DA0-11FF28322337"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A254925E-AD47-4722-AAB2-43A6FEA900AC"
},
{
"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC"
}
],
"operator": "OR"
}
]
}
]