CVE-2023-3466 - OpenCVE

Reflected Cross-Site Scripting (XSS)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Netscaler Gateway Netscaler Application Delivery Controller

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22::::fips:::
	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

References

Link	Resource
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Citrix

Published: 2023-07-19T18:21:05.262Z

Updated: 2023-07-19T18:21:05.262Z

Reserved: 2023-06-29T21:03:53.903Z

Link: CVE-2023-3466

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-19T19:15:12.017

Modified: 2023-07-28T14:54:11.013

Link: CVE-2023-3466

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3466", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2023-06-29T21:03:53.903Z", "datePublished": "2023-07-19T18:21:05.262Z", "dateUpdated": "2023-07-19T18:21:05.262Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetScaler ADC\u202f", "vendor": "Citrix", "versions": [{"lessThan": "49.13", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "91.13", "status": "affected", "version": "13.0", "versionType": "patch"}, {"lessThan": "37.159", "status": "affected", "version": "13.1-FIPS", "versionType": "patch"}, {"lessThan": "55.297", "status": "affected", "version": "12.1-FIPS ", "versionType": "patch"}, {"lessThan": "55.297", "status": "affected", "version": "12.1-NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "NetScaler Gateway", "vendor": "Citrix", "versions": [{"lessThan": "49.13", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "91.13", "status": "affected", "version": "13.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Reflected Cross-Site Scripting (XSS)</span><br>"}], "value": "Reflected Cross-Site Scripting (XSS)\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2023-07-19T18:21:05.262Z"}, "references": [{"url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "8927B2FA-F87E-4D81-AC29-9032184ECB7E", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "9845E7B1-5604-497D-8241-048E91987C13", "versionEndExcluding": "12.1-55.297", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "AD949674-8DC1-4B0D-8C0C-F593539E12F1", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", "versionEndExcluding": "13.1-37.159", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", "matchCriteriaId": "102C0D0F-AC37-43B0-8B9A-103B37436130", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC825A83-8D84-42C7-868F-0470FF79D497", "versionEndExcluding": "13.0-91.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "442F6925-199D-4E5B-84C1-05C4D8108B62", "versionEndExcluding": "13.1-49.13", "versionStartIncluding": "13.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Reflected Cross-Site Scripting (XSS)\n"}], "id": "CVE-2023-3466", "lastModified": "2023-07-28T14:54:11.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2023-07-19T19:15:12.017", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@citrix.com", "type": "Secondary"}]}