------------------------------------------------------------------------ Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK. This issue allows attackers to perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;, other versions may also be affected. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in NetScaler 10.5 build 52.3nc. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix_page_is_vulnerable_to_cross_site_scripting.html
