What is the severity of CVE-2016-4945?

CVE-2016-4945 has a critical severity rating as it allows remote attackers to execute arbitrary scripts on victim browsers.

How do I fix CVE-2016-4945?

To fix CVE-2016-4945, upgrade your Citrix NetScaler Gateway to release 11.0 Build 66.11 or later.

Which versions are affected by CVE-2016-4945?

CVE-2016-4945 affects Citrix NetScaler Gateway versions prior to Build 66.11, specifically those below Build 65.35.

What type of vulnerability is CVE-2016-4945?

CVE-2016-4945 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.

Can CVE-2016-4945 be exploited without authentication?

Yes, CVE-2016-4945 can potentially be exploited by unauthenticated users through the NSC_TMAC cookie.

Vulnerability/
CVE-2016-4945

medium

6.1

CWE

1/6/2016

6/8/2024

CVE-2016-4945: XSS

First published: Wed Jun 01 2016(Updated: )

Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Citrix NetScaler Gateway 11.0
Citrix Netscaler Gateway 11.0 Firmware	<=65.35

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-4945?
CVE-2016-4945 has a critical severity rating as it allows remote attackers to execute arbitrary scripts on victim browsers.
How do I fix CVE-2016-4945?
To fix CVE-2016-4945, upgrade your Citrix NetScaler Gateway to release 11.0 Build 66.11 or later.
Which versions are affected by CVE-2016-4945?
CVE-2016-4945 affects Citrix NetScaler Gateway versions prior to Build 66.11, specifically those below Build 65.35.
What type of vulnerability is CVE-2016-4945?
CVE-2016-4945 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.
Can CVE-2016-4945 be exploited without authentication?
Yes, CVE-2016-4945 can potentially be exploited by unauthenticated users through the NSC_TMAC cookie.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/tags
agent/event
agent/description
agent/first-publish-date
agent/source
vendor/citrix
canonical/citrix netscaler gateway 11.0
canonical/citrix netscaler gateway 11.0 firmware
version/citrix netscaler gateway 11.0 firmware/65.35

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2016-4945?
CVE-2016-4945 has a critical severity rating as it allows remote attackers to execute arbitrary scripts on victim browsers.
How do I fix CVE-2016-4945?
To fix CVE-2016-4945, upgrade your Citrix NetScaler Gateway to release 11.0 Build 66.11 or later.
Which versions are affected by CVE-2016-4945?
CVE-2016-4945 affects Citrix NetScaler Gateway versions prior to Build 66.11, specifically those below Build 65.35.
What type of vulnerability is CVE-2016-4945?
CVE-2016-4945 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.
Can CVE-2016-4945 be exploited without authentication?
Yes, CVE-2016-4945 can potentially be exploited by unauthenticated users through the NSC_TMAC cookie.