CVE-2020-8208

Published Aug 17, 2020

Last updated 3 months ago

CVSS medium 6.1

Overview

Description: Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
Source: support@hackerone.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

support@hackerone.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CA09036-632C-43B1-905D-9C0791741175",
            "versionEndIncluding": "10.8.0"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08A7F5AB-EBFF-4178-A453-E15DE705297E"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "694A17F8-C261-4980-9599-0FD10FE28B29"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA372FE3-5F64-4578-B7EF-D5858A09A2CD"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A620E08-F0EA-4132-8D2F-8D1DD284DD16"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.9.0:rolling_patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD2FC0D4-D4CD-4E18-8B87-9DF5FC5EC851"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90CBB0DC-9216-4224-B1C7-B852990FE2FF"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D13600BB-D45D-4EE0-BE08-C9AB9778E42C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12B7F68D-7F6F-4305-BDD2-2B3F6FBF12EE"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FCF41C7-62BC-4DF4-8A38-4E727E492CEF"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65AD3824-ABE8-4FD2-B201-C11E7D11E938"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.10.0:rolling_patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AFAE25F-DF7D-45EE-91DE-3A07F4D5625D"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E2CC054-2FC3-4C68-A3AB-411382CD1332"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABD3BDF2-39B2-4C5C-A647-406142363632"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88FF116A-5E98-402D-901D-F4A91006722B"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.11.0:rolling_patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0748ECB6-DCD1-4B49-A0A8-E0ABFC5F1EAD"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33335E33-AAE8-4DAB-85B7-6B376993EC2C"
          },
          {
            "criteria": "cpe:2.3:a:citrix:xenmobile_server:10.12.0:rolling_patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50F4279F-C878-4684-9DA7-0C9FDE213D6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References