Vulnerabilities > Citrix

DATE CVE VULNERABILITY TITLE RISK
2024-01-18 CVE-2023-6184 Cross-site Scripting vulnerability in Citrix Virtual Apps and Desktops
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
network
low complexity
citrix CWE-79
7.2
2024-01-17 CVE-2023-6549 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
network
low complexity
citrix CWE-119
7.5
2024-01-17 CVE-2023-6548 Code Injection vulnerability in Citrix products
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
network
low complexity
citrix CWE-94
8.8
2023-10-27 CVE-2023-4967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
network
low complexity
citrix CWE-119
7.5
2023-10-10 CVE-2023-4966 Unspecified vulnerability in Citrix products
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
network
low complexity
citrix
7.5
2023-07-19 CVE-2023-3466 Cross-site Scripting vulnerability in Citrix products
Reflected Cross-Site Scripting (XSS)
network
low complexity
citrix CWE-79
6.1
2023-07-19 CVE-2023-3467 Unspecified vulnerability in Citrix products
Privilege Escalation to root administrator (nsroot)
low complexity
citrix
8.0
2023-07-19 CVE-2023-3519 Code Injection vulnerability in Citrix products
Unauthenticated remote code execution
network
low complexity
citrix CWE-94
critical
9.8
2023-07-11 CVE-2023-24491 Unspecified vulnerability in Citrix Secure Access Client
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
local
low complexity
citrix
7.8
2023-07-11 CVE-2023-24492 Code Injection vulnerability in Citrix Secure Access Client
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
network
low complexity
citrix CWE-94
8.8