CVE-2015-7997: XSS
First published: Tue Nov 17 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler Service Delivery Appliance | =10.5e | |
| Citrix Application Delivery Controller Firmware | =10.1 | |
| Citrix Application Delivery Controller Firmware | =10.5 | |
| Citrix Netscaler Gateway Firmware | =10.1 | |
| Citrix Netscaler Gateway Firmware | =10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What are the cross-site scripting vulnerabilities in CVE-2015-7997?
CVE-2015-7997 describes multiple cross-site scripting (XSS) vulnerabilities found in the Nitro API of specific Citrix NetScaler products.
What versions of Citrix software are affected by CVE-2015-7997?
CVE-2015-7997 affects Citrix NetScaler Application Delivery Controller and Gateway versions prior to 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e.
How do I fix CVE-2015-7997?
To remediate CVE-2015-7997, users should upgrade to the latest versions of affected Citrix products as recommended in Citrix security advisories.
What impact does CVE-2015-7997 have on Citrix NetScaler users?
CVE-2015-7997 can allow attackers to execute malicious scripts on users' browsers, potentially compromising sensitive information.
Is CVE-2015-7997 a high-severity vulnerability?
CVE-2015-7997 is typically considered a high-severity vulnerability due to the potential for XSS attacks.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix netscaler service delivery appliance
- version/citrix netscaler service delivery appliance/10.5e
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/10.1
- version/citrix application delivery controller firmware/10.5
- canonical/citrix netscaler gateway firmware
- version/citrix netscaler gateway firmware/10.1
- version/citrix netscaler gateway firmware/10.5